GitHub is under automated attack by millions of cloned repositories filled with malicious code.

Thanks to a combination of sophisticated methodology and social engineering, this particular attack seems to be very difficult to stop.

    • Pennomi@lemmy.world
      9 months ago

      The smart kind of lowlife. Because it’s a very large and generally trusted source, meaning it’s an excellent vector for attacks. Sometimes the simplest reason is the most likely.

    • mlg@lemmy.world
      9 months ago

      Meh, they practically fold at every complaint to take down tools that get accused of piracy.

      Nintendo especially gets annoying about deleting every possible fork of some tiny script that extracts the Switch keys.

      Plus it’s Microsoft, let them deal with it lol.

      • douglasg14b@lemmy.world
        9 months ago

        Because they obviously didn’t read the article?

        Unless you only use software and libraries hosted on Gitlab, which you don’t, then that’s immaterial to this problem. GitHub is a target because of its size, Gitlab and friends are seemingly just as vulnerable to this sort of attack, which ONLY works because of human nature. Which last I checked is the same regardless of platform…

        • chonglibloodsport@lemmy.world
          9 months ago

          Gitlab is open source. You can download it and host it yourself. A decentralized developer community is resilient against this sort of attack for the very reason GitHub is so vulnerable: size.

          Git was always designed with decentralized development and collaboration in mind. Its creator, Linus Torvalds, prefers not to bother with servers like GitHub at all. Git can even be used entirely over email (Linus’s preference)!

          • abhibeckert@lemmy.world
            9 months ago

            > Gitlab is open source. You can download it and host it yourself. A decentralized developer community is resilient against this sort of attack for the very reason GitHub is so vulnerable: size.

            Um, what? Sorry, but if someone is going to send, say, ten million malicious contributions (or heck, even just one), I don’t particularly want to deal with that on my self-hosted server. I’d rather someone else deal with it.

            > Git was always designed with decentralized development and collaboration in mind. Its creator, Linus Torvalds, prefers not to bother with servers like GitHub at all. Git can even be used entirely over email (Linus’s preference)!

            The Linux project created Git to solve problems they had. Pretty much no other project in the world has the same set of problems - it’s a highly unusual open source project with tens of millions in market value. Other projects have very different needs.