The point here is it’s actually really hard to identify scammy software by name. It only seems that way with extensive domain knowledge. As adoption of Linux continues to grow more people will be duped.
(Obviously joking, nothing but love for OpenBSD.)
Proving trust is hard.