• @KairuByte@lemmy.dbzer0.com
    link
    fedilink
    English
    28 months ago

    Yeah, I’m confused on what the intent of the comment was. Apart from a code review, I don’t understand how someone would be able to tell that a package is fake. Unless they are grabbing it from a. Place with reviews/comments to warn them off.

    • KillingTimeItself
      link
      fedilink
      English
      18 months ago

      the first most obvious sign is multiple indentical packages, appearing to be the same thing, with weird stats and figures.

      And possibly weird sizes. Usually people don’t try hard on package managing software, unless it’s an OS for some reason.

      • @KairuByte@lemmy.dbzer0.com
        link
        fedilink
        English
        18 months ago

        Unless you’re cross checking every package, you’re not going to know that there are multiple packages. And a real package doesn’t necessarily give detailed information on what it does, meaning you can easily mistake real packages as fake when using this as a test.

        The real answer is to not trust AI outputs, but there is no perfect answer to this since those fake packages can easily be put up and sound like real ones with a cursory check.

        • KillingTimeItself
          link
          fedilink
          English
          18 months ago

          depends on how you integrate it i suppose. A system that abstracts that is pretty awful.

          At the very least, you should be weary of there being more than one package, without explicit reason for such.