Comment by gitfan86
5 days ago
Those people won't be vulnerable to this attack, since this attack is only useful in supply chain attacks. The people vulnerable to this would be maintainers of open source repos who could end up approving a malicious PR.
You can certainly launch supply-chain attacks via SourceForge or GitLab; indeed, probably the most famous open-source supply-chain attack in history was carried out by SourceForge's former owners.