When Github first showed up, I really liked it that (unlike on e.g. SourceForge) the username is right in the project's URL, it suggested that someone's accountable for the project. But there's no such thing as "accountability" when you're relying on unpaid volunteer work, made available for free to the general public - the "NO WARRANTY" is spelled in all caps, right there in the license.
So how do you know if you can trust the code you're running? You use your own judgement.
When Github first showed up, I really liked it that (unlike on e.g. SourceForge) the username is right in the project's URL, it suggested that someone's accountable for the project. But there's no such thing as "accountability" when you're relying on unpaid volunteer work, made available for free to the general public - the "NO WARRANTY" is spelled in all caps, right there in the license.
So how do you know if you can trust the code you're running? You use your own judgement.