Search Unity

  1. Welcome to the Unity Forums! Please take the time to read our Code of Conduct to familiarize yourself with the forum rules and how to post constructively.
  2. Unite 2023 Registrations are now LIVE! We are thrilled to announce that Unite 2023 Registration is now live and open for all!
    Dismiss Notice
New Forum User Notice Unite 2023 Registrations are now LIVE!

Feedback GitHub users are unwittingly leaking paid assets and pirate bots are forking them

Discussion in 'Package Manager' started by Spazius, Jan 3, 2023.

  1. Spazius

    Spazius

    Joined:
    May 22, 2018
    Posts:
    13
    That's not strictly an Unity issue, but because the Unitypackages are unpacked into Assets, it's the user's responsibility to ignore them from version control. This means that effectively a staggering number of them are being published into public repositories by beginners who don't realise the danger.

    In turn certain kind of bots (or dedicated invidiuals, possibly) find them and fork them so they can't be deleted. The number of devs at the risk of litigation is pretty incredible since the account had forked hundreds of assets in just a couple of months.

    I think it's so widespread and happens so easily that it should be addressed somehow. Maybe add to gitignore automatically from package manager? Force UPM as the standard for licensed packages? I'm not sure
     
    Spazius, Jan 3, 2023
    #1
    ErnestSurys likes this.

  2. damvcoool

    damvcoool

    Joined:
    Jul 23, 2013
    Posts:
    15
    Maybe extract assets into a folder that's automatically ignored that's not normally used by custom development. Like Plugins or AssetStore.
     
    damvcoool, Jan 5, 2023
    #2