
False Attribution

Open antony opened this issue 4 years ago • 1 comment

Hi. It looks like if somebody creates a fork of a repository on GitHub, then makes a bunch of changes (malicious or otherwise), the Sourcerer profile will suggest that a repository is "verified by network. We verify repos by comparing commits submitted by coworkers."

This behaviour is problematic when implying that an original author in any way endorses the work of the nefarious third party, simply based on the fact that the project is a fork. The author even appears in a list of avatars appearing to "endorse" or "verify" the work.

This is happening in an instance which could be seen to cause reputational damage to the original author (I will not mention names or repositories here to protect the innocent). Please consider the impact and implications of this functionality.

antony, Jul 01 '20 14:07

I fully agree, endorsing should be at least an active action from the user's perspective. Forking a project does not mean endorsing all activity of a user.

AlexisTM, Jul 10 '20 07:07