Y
Hacker News
new
|
ask
|
show
|
jobs
by
pervycreeper
2792 days ago
This requires owning both repositories. The user puts a measure of "trust" in the owner whose repository he had starred already, so this seems more like a violation of that trust rather than an "exploit".