They can use the same name but if the owner signs their commits we can at least spot the fake commits.
And even if they clone all repos they don’t clone the build systems, so their builds of apps and windows installers will be signed with different keys.
For people who follow guides to clone something from a repo, compile it and install it, they need to be on their guard if the repo URL is not the official one.
It’s a new coding paradigm, I will take some time getting used to looking for libraries in the
uyghur/tianamen
folder.