ryandrake 5 hours ago

I don't understand this. If that project is not offering a bug bounty, why are they getting so many PRs? What possible incentive is there to spend real money on tokens just to push junk PRs? Are the PRs spamming a product or something?

jubilanti 5 hours ago

Why does every programming job application ask for your GitHub profile? The industry used open source contributions as a proxy for candidate quality, and this is Goodhart's law in action.

andai 5 hours ago

It's also why the default approach is to install several hundred unnecessary dependencies.

0xf00ff00f 4 hours ago

They're offering bounties: https://github.com/UnsafeLabs/Bounty-Hunters/issues

Lalabadie 3 hours ago

To clarify: The fake issues, in the fake repo, have bounty labels.

HnUser12 3 hours ago

[flagged]

alexandra_au 4 hours ago

They see it as an investment; they're basically shooting in the dark hoping they'll hit their target and get a bounty payout.

pdimitar 5 hours ago

My mind absolutely doesn't bend that way but I'd suppose clout and popularity?

reaperducer 5 hours ago

Maybe once the account has enough stars and reputation, the human behind it will use it to try to get an actual paying job.

Almost every time someone on HN asks how to increase their chances of employment, the response is to contribute to other people's Git* projects.