by jazzyjackson 662 days ago
> I would call that straight up abuse of GitHub.

This is really inflammatory. GitHub explicitly allows publishing release artifacts without source. If GitHub considered this abuse, they could make it so compilation had to occur as a GitHub Action, such that the artifact is guaranteed to be compiled from the source as it exists within the repo. As it is, users can push any old binary up and claim that it was built with the code in the repo.

https://docs.github.com/en/repositories/releasing-projects-o...

1 comments
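The gap the comment points at, a published binary that nobody has shown to correspond to the source in the repo, is what a reproducible-build check closes: rebuild from the checked-out source in a deterministic way and compare digests with the published artifact. The script below is an added example, not code from this thread or from GitHub. It builds a byte-for-byte reproducible tar from a constructed source tree (fixed mtimes, owner fields and entry order), compares its SHA-256 with a published digest, and shows the check failing once the source no longer matches what the artifact was built from. The file names, file contents and the "published" digest are all constructed for the demonstration.

```python
"""Rebuild a release artifact from source and compare it to the published digest.

Added example: demonstrates why a binary attached to a release proves nothing
by itself, and what a verifier has to do instead (rebuild deterministically and
compare hashes). All inputs below are constructed for the demo.
"""
import hashlib
import hmac
import io
import os
import tarfile
import tempfile


def build_artifact(source_dir: str) -> bytes:
    """Deterministic build step: pack the source tree into a tar whose bytes
    depend only on file paths, modes and contents (no timestamps, no owners,
    no filesystem iteration order). A real project would run its compiler here
    under the same determinism constraints."""
    entries = []
    for root, dirs, files in os.walk(source_dir):
        dirs.sort()  # stable traversal regardless of filesystem order
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, source_dir).replace(os.sep, "/")
            entries.append((rel, path))

    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for rel, path in sorted(entries):
            info = tarfile.TarInfo(name=rel)
            info.size = os.path.getsize(path)
            info.mtime = 0                      # strip build-time timestamps
            info.uid = info.gid = 0             # strip builder identity
            info.uname = info.gname = ""
            info.mode = 0o755 if os.access(path, os.X_OK) else 0o644
            with open(path, "rb") as fh:
                tar.addfile(info, fh)
    return buf.getvalue()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_release(source_dir: str, published_digest: str) -> bool:
    """True iff rebuilding from source_dir yields exactly the published artifact."""
    rebuilt = sha256_hex(build_artifact(source_dir))
    return hmac.compare_digest(rebuilt, published_digest)


def _write(source_dir: str, rel: str, content: str) -> None:
    path = os.path.join(source_dir, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(content)


def demo() -> dict:
    """Constructed scenario: an honest release, then a release whose artifact
    was built from code that is not the code in the public repo."""
    with tempfile.TemporaryDirectory() as src:
        _write(src, "README.md", "# demo tool\n")
        _write(src, "src/main.c", "int main(void) { return 0; }\n")

        # Maintainer builds and publishes the digest of the release artifact.
        published = sha256_hex(build_artifact(src))
        # Same tree, built again: must give the same bytes or the check is useless.
        deterministic = sha256_hex(build_artifact(src)) == published
        honest = verify_release(src, published)

        # The repo is changed but the published artifact is not (or vice versa):
        # what is served no longer corresponds to the visible source.
        _write(src, "src/main.c",
               "int main(void) { /* code not in the public repo */ return 0; }\n")
        tampered = verify_release(src, published)

    return {"deterministic": deterministic, "honest": honest, "tampered": tampered}


if __name__ == "__main__":
    print(demo())  # expected: {'deterministic': True, 'honest': True, 'tampered': False}
```

In practice the "publish" side is the maintainer's checksum or signed provenance for the release asset, and the "verify" side is an independent rebuild from the tagged commit; the comparison only means something if the build is reproducible, which is why timestamps, owner fields and iteration order are normalised above.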

It's a social convention, not an enforced rule: if one sees a GitHub link, the expectation is that it's an open-source project, or at least source-available. Having a closed-source project hosted there breaks this expectation.
If you're working in a private repo for your closed-source company or whatever, then fine. Maybe you also pay GitHub for that.

If the repo is public, it's highly suspicious that you're serving malware. Even if not, it doesn't match a sensible git workflow. You wouldn't run a private repo with a README and no source code with some binary links. That's not a sensible way to do any project, open or not.