Yet another “brilliant” scheme from a cryptobro. Naturally this caused a gold-rush for scammers who outsourced random people via the gig economy to open PRs for this yml file (example)
For context, Tea (the cli tool) was created by the author of homebrew. But for some reason he changed the name to pkgx and made tea into the crypto thing: From the creator of Homebrew, Tea raises $8.9M to build a protocol that helps open source developers get paid
He’s probably interested in blocking these kinds of PR’s.
He’s probably interested in blocking these kinds of PR’s.
He is now that people are spamming the high profile projects he used as examples in his “get paid” cryptobro scam videos and it’s pissing people off in the FOSS communities hes trying to worm the project into.
Hilariously, he stated that he would be really unhappy if people were doing this to his actual FOSS projects, which makes me wonder why he didn’t use them in his examples instead of the completely unrealted Node.js and ghost projects.
Its almost like he made himself getting rich someone else’s problem. Totally unlike crypt bro behaviour, of course.
The easy red flag here is YAML. It’s a hideous, overly-complex format for anything so of course a scam would choose it.
I see you get downvoted a lot. But as a norwegian that repeatedly have run into the norwegian problem when trying to use some program… i see you.
I’ve seen video ads claiming to show you a way towards passive income from other people’s videos somehow. Now it’s coming to open source projects…
Honestly doesn’t sound like a terrible idea on paper, but this spam outbreak could kill it before it gets off paper in a real way. Giving devs a bad taste will stay around a long while.
Edit: and of course the well-earned general attitude toward cryptocurrency as scammer playgrounds is automatically putting it way in the red too.
Am I stupid? How is this in any way confusing?
I kept re-reading this line and it made no sense. All I need to do to claim ownership of a project is merge a pull-request? Do I own Laravel because I’ve gotten a pull request merged? (emphasis mine)
Merging a pull request and having a pull request merged are two completely different things, and one very much requires you to own the project or have contributor rights to it. Which is exactly what the scammer is looking for proof of.
How was the author confused by this? Or am I somehow the dummy here?
@CrayonRosary having a pull request merged is in no way a proof of ownership of the repo, or a sign that the owner wants to participate in this scheme. There are better ways to prove ownership. It’s relatively easy to slip in some file unnoticed, or falsely explain during the PR process what the file represents. So choosing this way of validation is a huge red flag about the whole scheme. It motivates people to falsely claim ownership of popular repos.
