Comment by rozab
1 day ago
If most malware repos are created in the last few days by a fresh user, then it sounds like GitHub is taking action against them? Or where are the old ones?
1 day ago
Well, my trend detection logic rewards recent stars more than older ones [1]. Recency is an important factor for many custom and public tools that track GitHub trends. I think the bad guys intentionally recreate repos - I actually noticed that.
That being said, they do take action if you report the repo. So I'm guessing good users are doing the heavy lifting here with reporting. I don't believe GitHub is taking enough proactive measures, or maybe they do, but it's not working well, obviously.
[1] https://hadid.dev/posts/github-trends/#growth-based-approach
Yeah, I'd change it to: they care about the malware and will remove the repos, but above everything else they don't want to slow down the signup flow.