Comment on fake KeePass repo on GitHub
x00z@lemmy.world 2 weeks ago
PSA: The number of stars on GitHub can be botted and is not a good indicator to know if you are dealing with a legitimate repository. Even the commit history can be faked (although that’s less common).
kinship@lemmy.sdf.org 2 weeks ago
How to go about it then? I am a layman and can’t inspect every application that I download on GitHub.
x00z@lemmy.world 2 weeks ago
Try to do some research like you would do with closed source tools. See if they have a website and if it links to the GitHub you encountered. Also see if there are subreddits or forums and see what they link to.
In the case of this “Pro” version of KeePass, a simple search would have shown that there is no Pro version.