by Aurornis 477 days ago
> The repos aren't themselves doing harm,

Yes they are. Did you read the part about the people doing this and getting 50-100 compromised computers per day? They’re stealing accounts and crypto with these.

> are valuable for research,

Research into how they’re harming people? The research is done. Time to move to fixing it.

> and would be distributed some other way if GH removed them.

This is like saying we shouldn’t wear seatbelts because some people will still die in car crashes anyway.

You don’t avoid improving a situation just because you can’t perfectly fix it globally. You address what you can and reduce the problem.

1 comments

At least the malware is exposed in the light of day. I didn't say don’t fix something. I asked whether the malware should be removed vs e.g. being flagged by GitHub. If GitHub removes it, it will move somewhere else and be harder to keep a thumb on. That’s fine, I was curious because this “research” wouldn’t have happened in the first place if the malware was elsewhere. It sounds like intent here matters…

> If GitHub removes it, it will move somewhere else and be harder to keep a thumb on.

It’s on GitHub for visibility and credibility to victims.

If it moves somewhere else where victims can find it, the researchers can find it too.