jrochkind1 7 hours ago

The worst part:

> In addition, Williamson said that Giovannini (or his agent) had submitted patches that were incorrect and then "replied to objections with LLM-generated justifications that eventually overwhelmed the maintainer into merging the fix"

josephg 6 hours ago

Please, everyone - don't let yourself be pestered into accepting PRs that you don't care for. Since the xz attack, the security of all our computers depends on maintainers not letting this stuff in.

If someone really wants a feature in a project you wrote, but you don't care about the feature, just let them fork. It's fine.

matsemann 4 hours ago

> the security of all our computers depends on maintainers

Not getting paid anything, getting bullied and harassed while spending their free time maintaining things. Surely this isn't sustainable. And telling maintainers how to act will not fix anything.

fc417fc802 2 hours ago

> telling maintainers how to act will not fix anything.

That depends. In this case it's good actionable advice that should hopefully lower cognitive load. Politely suggest a fork, then if the nagging persists block and move on. Sure if you're in a position of authority you have a responsibility to the community but cutting ties with a stranger who is flagrantly violating social norms is perfectly acceptable. There's no expectation that you indefinitely burden yourself with their poor behavior.

Sometimes dropping the ban hammer really is in the best interests of both yourself and the project.

matsemann 2 hours ago

I don't really think it's actionable. It's like all those campaigns trying to steer behavior, pretty useless. Don't do drugs. Don't speed. Don't drink and drive. You can't just tell people something and expect it to happen. You need systems and guard rails in place.

Relying on maintainers to always do the right thing to ensure our security by telling them what to do is not the way.

fc417fc802 2 hours ago

It's not an attempt to steer behavior but rather intended as helpful advice. There are certainly cases of organizations disseminating "helpful advice" with the underhanded intent of steering behavior but that doesn't mean we should assume bad faith by default.

The advice is actionable because it is a concrete change that could be made. I believe it to be relevant to the context because someone in a position of authority who is badgered into accepting something would most likely benefit from reevaluating how he is interacting with the general public.

josephg 3 hours ago

> telling maintainers how to act will not fix anything.

I'm just saying it's ok to ignore overly enthusiastic contributors and tell them to just fork your project.

I think this does help, actually. In my early days of maintaining open source software I felt burdened by open PRs - like I was letting someone down by ignoring their work. "It's ok, let them do whatever in their own fork" is advice I wish someone had given me.

dotancohen 3 hours ago

> I'm just saying it's ok to ignore overly enthusiastic contributors and tell them to just fork your project.

I propose the phrasing "fork off".

stackghost 3 hours ago

> And telling maintainers how to act will not fix anything.

Indeed. For too long, maintainers were expected to be gracious, courteous, and polite at all costs lest they be labeled "problematic", except for a few who were too influential to be muzzled like Theo de Raadt or Linus.

Perhaps we need to normalize bullying people who submit obvious slop as PRs.

fc417fc802 2 hours ago

No, you absolutely should be gracious, courteous, and polite. But only at first. The duty of maintaining a functional community doesn't mean you're obligated to suffer unlimited abuse.

jaypatelani 5 hours ago

Those are some of the reasons NetBSD doesn't accept LLM/AI-tainted code.

LoganDark 5 hours ago

I am sad people conflate this stuff with LLMs being bad. You can condemn the bad behavior without banning an entire technology.

broodbucket 4 hours ago

You can but that doesn't help you keep the flood of contributions out when you don't have the time or resources to properly discern good from bad. Maintainers would rather have 10 good human authored patches than 100 patches from LLMs, even if 20 of them are good. Even if 50 of them are good, probably.

LoganDark 4 hours ago

As if a rule against LLMs actually stops those sorts of spam contributions.

The only thing it does is filter good contributors out, while you still have to deal with the bad ones.

shakna 2 hours ago

It makes it easier to filter. Most LLM spam can be easily noticed. And those that aren't automatically filtered, can fairly easily be closed by the maintainer - when they don't have the weight to assess each on their validity.

sph 3 hours ago

Technology doesn’t exist in a vacuum, you need to consider the possibility it will be used for evil and the effect that might result from that. Far too many people dismiss LLM risks with ‘oh, if people just stop being gullible/greedy/lazy everything will be fine’, as if that is a sensible proposition.

In fact, LLMs proliferate exactly because people are gullible, greedy and lazy and it’s easier to write a prompt than do the hard work of architecting software. It is easier to vibe code than use them with care. It is easier to tell oneself ‘I will just accept this PR blindly, but I promise I will do a better job reviewing the next’.

LoganDark 3 hours ago

I do consider the possibility it will be used for evil -- and then I ban evil.

coldtea 4 hours ago

But banning an entire technology is even better, as the potential for abuse and bad behavior is now scaled 1,000,000 times over.

sevenzero 5 hours ago

I really wonder how maintainers get pressured into merging stuff? If they did not want to merge in the first place while having to argue with someone pushing their PR I'd immediately close the PR. Arguing and pressuring people is not a way to contribute to projects, why do maintainers even argue with people?

coldtea 4 hours ago

> why do maintainers even argue with people

Because they don't want to be seen like assholes, who just blindly dismiss PRs, and because they take the technical discussion about the PR in good faith.

sevenzero 2 hours ago

Honestly most places on the internet are not places to go into arguments in good faith. Maybe it used to be different, but with the amount of OSS projects being endangered by AI slop contributions, silently closing PRs should be the norm.

If someone gets emotional about their PR being rejected, well... it's kinda their issue.

chasd00 4 hours ago

Some people are very susceptible to bullying even if they’re in the position of power.

bertylicious 2 hours ago

Have you read the PR discussion?

ta8903 4 hours ago

That makes it look like you're too stupid to understand the PR.

Edit: I see this comment getting downvoted. To be clear, I was trying to explain why someone would want to merge a PR without going through all of it, I didn't mean to call such people stupid.
