Comment by ptx

1 day ago

The problem the article is describing seems to have little to do with open source. There were GitHub repositories that had links added in their READMEs to a zip file containing compiled binaries.

GitHub is not a curated software repository. It's essentially no different from some random stranger linking to some binaries on a forum. (There are communities that seem to have no concerns about running unknown binaries from strangers in forum threads, but I wouldn't recommend it.)

There are numerous OSS maintainers who have turned GitHub into a religion. The maintainers of bevy and brew come to mind. It is a "curated software repository" and so much more; it's practically a way of life for these guys.