

GitHub, the hot bed for spreading Trojans? - LuckyW

For mobile app developers using Adobe AIR, please DON&#x27;T use the ANEs (AIR Native Extension) under than two GitHub accounts.<p>https:&#x2F;&#x2F;github.com&#x2F;Code-Alchemy and https:&#x2F;&#x2F;github.com&#x2F;lilili87222<p>Their ANEs are Trojan by embedding their own AdMob ID in your app, steal part of your AdMob revenue: http:&#x2F;&#x2F;forum.starling-framework.org&#x2F;topic&#x2F;codealchemys-admob-ane&#x2F;page&#x2F;2?replies=42#post-71928
======
mcintyre1994
Obviously anywhere you can download binaries can cause this issue, but it's a
bit unfair to call Github a hot bed for it here. Their design encourages
publishing source code much more than it does binaries.

This seems more like a case of the binary differing from the published source,
which seems like a solvable problem for Github but I wouldn't blame them for
it.

It is a bit interesting to see how they could solve this - a potential
standardised build process where you could publish your process in your repo
and Github would build from your repo source using your repo process and
provide some kind of 'guaranteed' binaries. Not easy by any means but it'd be
interesting to see them give it a go. That said, they should probably just
keep focused on the diffable stuff really.

------
atmosx
I wonder, did you contact anyone at GH?

