Wait! I think most people missed your "touched by Copilot" disclaimer.

Over on twitter, someone from MS said that Copilot can modify PRs simply because they were mentioned?

I've been using GitHub since it was new and heavily rely on coding agents for development, but that's an insanely large security hole. There's clearly confusion about what copilot is and is not able to edit elsewhere in this thread.

I'm backing up old repos now, and am no longer trusting your service as an archive. I'm wondering if the world needs to fork things like npm and vs code to save itself from the supply chain attacks these sort of product management decisions will enable.

I already moved active development elsewhere when you dropped below three nines back in 2024-2025.

▲

naikrovek 5 hours ago | parent [-]

If you don’t want copilot to work on your PRs, don’t ask it to.

▲

manmal 4 hours ago | parent [-]

I would expect it to comment, not alter the code?

▲

naikrovek 2 hours ago | parent [-]

It won’t unless you ask it to. It will review your PRs and it will create PRs if you don’t turn those things off, I believe, but it won’t edit or modify any PR.

My employer pushes copilot quite hard and I’ve never seen copilot do anything without me telling it to act in some way.

	▲	manmal an hour ago \| parent [-]
		Thank you for clarifying. It’s hard to get facts nowadays, people are just claiming whatever.