Posted by ingve 6 days ago
I'd rather enforce a limit based on the number of PRs that account opened across all public repositories it doesn't have write access to within the last week. And PRs that were closed without getting merged should be held against the account somehow (perhaps via a "close as unwelcome" option for the maintainer).
That strikes me as a bad solution. I've sent plenty of PRs over the last two decades that were things I wasn't sure if upstream wanted or not, but I did the work and wanted to offer it to them. If you get penalized for not having a PR merged, it's going to incentivize selfishness
In any case, my proposal is a rough sketch of how I'd approach the problem, not a production ready algorithm. But I'd expect even that basic approach to work a lot better than github's approach.
If I was a maintainer of an open-source project, I would have a two-tier system:
-PRs from previous contributors.
-All others, sorted by lines of code, ascending.
Reasoning:
-Large PRs from someone without a track record are rare.
-It's not a huge ask to have people first solve a smaller problem.
-Small PRs are easy to verify - it's especially easy to tell if a given one-liner is impactful or just spam. Should also be easier to summarise it in the title.
-Don't quote me on that but I think LLMs are still bad at clear, concise, meaningful changes.
In my case I sometimes get a flurry of PRs from over-exuberant contributors, not necessarily low quality even! Using this I can at least put some back-pressure on that and help keep things more fair across my contributors.
Every successful merge for a PR spread across N days slowly increases "Human Trust" score. (So a slow of fake merged PR's cannot fake increase Human Trust score). Just like the real world, Human Trust should be hard to gain and easy to lose.
If your Human Trust Score becomes negative due to too much "AI Slop", then you are banned from all PR submissions for a quarter. Your profile picture is also replaced with the Robot Identicon to indicate to the world that your human brain has been replaced by AI and urgent health-check is needed.
> banned from all PR submissions
So then the person can't even make a PR against their own repository? Or when we're there a maintainer, known contributor, or a member of an organization that might be their workplace?
Obviously ban is only for PRs against other repositories belonging to different users/organization. Not PRs towards same user/org.
This is a band-aid. Maybe even a good band-aid, because it'll keep individual contributors from flooring the zone. But the core problem is Github's model that assumes code is worth reading.
I'm much rather see the agent logs stapled to PRs. Make it easy to understand if there's a brain behind the suggested changes before engaging.
This is the fundamental problem. You have to look at the equilibrium. When you submit a PR, you're asking for some of my time. I have to figure out if it's likely to be worth it for me. If you have a track record of producing useful software that I have merged before, you're putting your reputation at risk when you submit a new PR, so it's probably good. If you start sending AI slop, I'm going to downgrade your reputation.
If you have no track record though, I'll probably at least take a glance since even if I'm not sure, at least you had to spend some time to write the code and put together the PR. Now that's not true.
My guess is we're going to have to create some new systems for reputation, maybe bond posting, maybe "sponsored" PRs, where someone trusted vouches for it, etc.
Incidentally, this doesn't just apply to PRs. It's emails, all kinds of other messages, reports, etc.
It would be very annoying? Spammers can still spam one message, but now your friends can't email you twice. Awesome.
This is a barely-better-than-nothing blunt tool.
I also like the other features mentioned in the blog post. It won't make a difference to me and my daily work, but I'm glad that they are taking the criticisms seriously.
Though I have to admit that I'm a bit conflicted about this. Part of me also wants more people to move off of GitHub to help break their monopoly on code on the web, but I also don't want the people making and maintaining open source to give up their projects due to burnout and slop spam.
If <time> is set low enough, the noise still exists
If there’s even any minor truth to dead internet theory then it extends to Github most certainly.
Or donate money. Crazy idea, eh?
[1] How Tide Detergent Became a Drug Currency - https://news.ycombinator.com/item?id=5023204 - January 2013 (124 comments)
(edit: maybe put AI tokens on stablecoin rails as value tokens? could be fun, could move them around instantly between participants on the value rails and could consume them programmatically, if someone implements this idea, buy me a beer!)
This sounds like a piece of worldbuilding from a Daniel Suarez novel. Who has tokens but no money?
"Donate tokens". "Gift tokens". Semantic drift?
So almost everything is forked and I then just have the agent keep my changes in sync with upstream. Works like a charm. I suspect my pattern is commonplace.
Do you realize that all the major package system on BSD and Linux works that way. You take upstream, patch it to get it to compile on the system, and then build a package. That is what open source is about. It's not about building a community and what's not.
The problem is sloppers really, really want other people to use their code, so they feel useful for doing a bit of prompting, probably to rationalize how much they pay Anthropic et al to do the actual work for them. I just wish they'd direct that money directly to the projects they find useful instead of trying to insert themselves as middlemen.
It was on HN here: https://news.ycombinator.com/item?id=48621645