Yet another “brilliant” scheme from a cryptobro. Naturally this caused a gold-rush for scammers who outsourced random people via the gig economy to open PRs for this yml file (example)
If you think “crypto” people came up with this I have bad news for you, spamming is as old as the internet, and adding ads to repos is not new. Btw, “cryptobro” is a sexist term that excludes women.
You saying cryptobro is sexist just reinforces your own stupidity.
The easy red flag here is YAML. It’s a hideous, overly-complex format for anything so of course a scam would choose it.
Brief history of YAML:
“Oh no! All of these configuration file formats are complicated. I want to make things simpler!”
(Years go by)
“…I have made things more complicated, haven’t I?”
YAML is generally good if it’s used for what it was originally designed for (relatively short data files, e.g. configuration data). Problem is, people use it for so much more. (My personal favourite pain example: i18n stuff in Ruby on Rails. YAML language files work for small apps, but when the app grows, so does the pain.)
I see you get downvoted a lot. But as a norwegian that repeatedly have run into the norwegian problem when trying to use some program… i see you.
Am I stupid? How is this in any way confusing?
I kept re-reading this line and it made no sense. All I need to do to claim ownership of a project is merge a pull-request? Do I own Laravel because I’ve gotten a pull request merged? (emphasis mine)
Merging a pull request and having a pull request merged are two completely different things, and one very much requires you to own the project or have contributor rights to it. Which is exactly what the scammer is looking for proof of.
How was the author confused by this? Or am I somehow the dummy here?