Comment on China is attempting to mirror the entire GitHub over to their own servers, users report
BeigeAgenda@lemmy.ca 4 months agoThey can use the same name but if the owner signs their commits we can at least spot the fake commits.
And even if they clone all repos they don’t clone the build systems, so their builds of apps and windows installers will be signed with different keys.
For people who follow guides to clone something from a repo, compile it and install it, they need to be on their guard if the repo URL is not the official one.
umami_wasbi@lemmy.ml 4 months ago
How many know what even signed commit and build is? For people following a guide they don’t even know what Github is for but a nice place to have free programs.