[jakobe]

Actually not. I'm the maintainer of a popular Open Source project that is hosted on Github. If someone stole my credentials, they could replace the current release with a binary containing a Trojan.

Looking at the security history page I see a lot of failed login attempts. Makes me glad I enabled 2-factor-authentication!

[enscr]

Your post should be at the top for other Github maintainers to see.

[yukkurishite]

You put compiled files on github?

[jakobe]

Github recently introduced a "Releases" section where you can tag releases and provide binaries: https://github.com/PostgresApp/PostgresApp/releases

It's a great way to distribute Open Source software. (Previously Mattt hosted it on a personal Amazon S3 account which he paid out of his own pocket; now bandwidth is generously paid for by Github)

[ersii]

I don't know about you, but I seldom read through all the source code of the open source/free software I use. Yeah, even when I actually compile it myself.

If someone would slip in rogue code - it's quite likely some to many would actually run it and deploy it. Especially if it's a fast moving piece of software - like being so rapidly developed that distribution packages can't keep up for either time or stability reasons, leading people to compiling/deploying from source themselves.

[est]

lol the real motivation is Ripple offers giveaways. github account == $$$$