dale_glass 6 hours ago
That's not shutting anything down, that's just being selective with what you accept, and everyone did that already to some extent. Even pre-AI it was obvious that contributions have to be vetted for a bunch of reasons.

jcgrillo 6 hours ago
Right, so the GitHub "open contributions" model where anyone can open an issue or a PR or otherwise waste a maintainer's time is broken. Fundamentally insecure under this type of attack. Now that the exploit is being used widely, and costing us immensely, we need to put a lid on it. If the only way to guarantee an AI bot (or its meatspace sock puppet) doesn't waste your time is to move to a "look but don't touch" model, then that's what we need to do.

I think this would be a reasonable default:

Public repos are read-only except for contributors who have been given specific permission, and those permissions are granular, e.g. in order of increasing damage potential:

- comment on issue
- create issue
- comment on PR
- create PR
- run CI against PR
- etc.

In other words, shut it down.