sourcerer-io/sourcerer-app

False Attribution

antony opened this issue · 1 comment

Hi. It looks like if somebody creates a fork of a repository on github, then makes a bunch of changes (malicious or otherwise), the Sourcerer profile will suggest that a repository is "verified by network. We verify repos by comparing commits submitted by coworkers."

This behaviour is problematic when implying that an original author in any way endorses the work of the nefarious third party, simply based on the fact that the project is a fork. The author even appears in a list of avatars appearing to "endorse" or "verify" the work.

This is happening in an instance which could be seen to cause reputational damage to the original author (I will not mention names or repositories here to protect the innocent). Please consider the impact and implications of this functionality.

I fully agree, endorsing should be at least an active action from the user perspective. Forking a project does not mean endorsing all activity of a user.