• Christian@lemmy.ml
    1 hour ago

    This is a GPL project. Other than restrictions on relicensing, the one thing the GPL doesn’t allow is redistributions with the same name and logo, because anyone could rebuild the source code with malware added and the developer would be perceived as responsible.

    You, today, can literally rebuild strawberry with a changed logo and name, and write “my program is exactly strawberry except with a changed logo and name” and make that repository publicly available for free and it cannot be taken down as long as it is licensed the same way. No developers are losing sleep over lost sales from piracy of their GPL program. Otherwise they would not use the GPL in the first place.

    If a developer sees that their program is being rehosted on codeberg with the same name and logo, what steps do you think they should take to verify that the binaries being shared were not rebuilt from the publicly available source code with a cryptominer added? I can’t think of a way to prevent that other than requiring a name and logo change and taking it down otherwise. It’s not enough to verify just once, because the new code author could change a legit binary to an infected one at any time.

    And, again, there is no target audience for this “scam”. What do you believe might motivate the kind of customer who would regret purchasing this to pay for it in the first place? There is no need to litigate possible reasons why something might be a malicious moneymaking scheme when there is no imaginable target that would be victimized.