Abusive child porn is a well defined content type that is objectively classifiable. For better or worse, so is copyrighted content (according to the rules of the DMCA claim process).
"Harmful software" is a much blurrier line. Is a GitHub URL being used as a dropper in an active malware campaign? That will probably get a repository removed. Is the source code for malware published on GitHub? That's not harming anyone in its current form, just like the source code of Popcorn Time isn't pirating movies.
Do you want to ban any content with a readme claiming it can be used maliciously? What if I want to publish a basic keylogger implementation for an open source cybersecurity class? Where's the line between educational content and cyberweapons? And even if it's a weapon, how do you know I don't have permission to install the keylogger on a system, like one belonging to a company paying me to pentest them?
"Harmful software" is a much blurrier line. Is a GitHub URL being used as a dropper in an active malware campaign? That will probably get a repository removed. Is the source code for malware published on GitHub? That's not harming anyone in its current form, just like the source code of Popcorn Time isn't pirating movies.
Do you want to ban any content with a readme claiming it can be used maliciously? What if I want to publish a basic keylogger implementation for an open source cybersecurity class? Where's the line between educational content and cyberweapons? And even if it's a weapon, how do you know I don't have permission to install the keylogger on a system, like one belonging to a company paying me to pentest them?