Comment by AdmiralAsshat
8 years ago
Not sure how the Atom plug-in store works: if this were yum / CPAN / pip, I would think there'd be some way to kick these plugins out of the stores and force anyone who really wants it to install manually. I think that's the best way to tackle this kind of deception: fork it, kick it out of the app stores, and make it as difficult as possible for someone to inadvertently download the adware-written version.
A maintainer for amp (atom package manager I guess?) explicitly said they're sitting this one out. The mini-map plugin has been forked and rolled back to the version before the ads popped up.
That's a pity. It is incumbent upon the package manager vendors/curators to watch for this kind of stuff and bring the hammer down when it happens. Apple does it. Google does it. Mozilla does it.
I can guarantee that there are other commercial companies watching how this plays out. If the changes are simply rolled back without any real repercussions, what other malevolent entities will take away from this incident is, "You can inject adware into your acquired FOSS applications, but do so discreetly."