The dichotomy here is you can’t be famous hosting exploits on smaller forges. Gotta be on the big platforms where you can be starred and forked for social media cred to make news stories to impress your friends. IIRC I think HeartBleed (maybe ShellShock?) was the tip of this popularity iceberg…
I do loosely use stars to gauge how popular a library/framework is before investing a lot of time in it, however, I do also use other metrics like PR count, issues, etc
Stars are just someone’s bookmark (me included) because there’s no simple “bookmark this because I’ll forget in an hour and want to look at it later when I have time.” If one trusts Stars, you’re literally trusting a bookmark that I didn’t put more than 2 seconds of thought into clicking because I have a bad memory. Many I know do the same.
I go straight to code history, show me what the commits look like. One can derive a lot about the project based on just the way the commit messages are written before looking at the code being changed. How the code is changed over time (process, communication, methods, etc.) adds more layers to the qualitative observation. I move on to Issues when I want to see how the devs interact with the users having problems, which is another story.
The dichotomy here is you can’t be famous hosting exploits on smaller forges. Gotta be on the big platforms where you can be starred and forked for social media cred to make news stories to impress your friends. IIRC I think HeartBleed (maybe ShellShock?) was the tip of this popularity iceberg…
Does anyone care about stars?
Openclaw is the most starred repo in years (i wonder why) and is incredibly niche.
Stars are kind of a scam.
I do loosely use stars to gauge how popular a library/framework is before investing a lot of time in it, however, I do also use other metrics like PR count, issues, etc
Stars are just someone’s bookmark (me included) because there’s no simple “bookmark this because I’ll forget in an hour and want to look at it later when I have time.” If one trusts Stars, you’re literally trusting a bookmark that I didn’t put more than 2 seconds of thought into clicking because I have a bad memory. Many I know do the same.
I go straight to code history, show me what the commits look like. One can derive a lot about the project based on just the way the commit messages are written before looking at the code being changed. How the code is changed over time (process, communication, methods, etc.) adds more layers to the qualitative observation. I move on to Issues when I want to see how the devs interact with the users having problems, which is another story.