Easily? You think the kind of people who think it makes sense to make bogus slop PRs are going to react reasonably to overburdened volunteer maintainers refusing to give them their US$10 back?

Yes. Once a PR is rejected, contact from that bot is blocked. No appeals.

This is never going to work. Sufficiently many of these people are going to find maintainers' home addresses and send them death threats and the like. If you see how badly some people flip out just because their PR is rejected, it's going to be much much worse if their PR is rejected and their money is taken.

Ok. If I'm the maintainer receiving death threats over that, I'd tell them they would get the $10 dollars back, plus some extra money for their troubles.

Location of the envelope with the money: the same police station where I'd reported the death threats.

The worst case is that someone loses out on $10, no? How does this work if the maintainer is the swindler?

I don't think that is a (very realistic) concern. AI is slop, the problem is not that the real contributors are struggling to get PRs merged.

The bigger issue being, raising the bar to students who may have otherwise had productive careers (but education is a general issue, where the students don't even yet recognize they are being scammed).

I don't follow, and I'd be concerned that this opens up a cottage industry of bots generating plausible-looking repositories that unwitting contributors would attempt to contribute to. We already know that bots are astroturfing repos to generate overinflated star counts. I'd say the least crap option here is to honeypot PR contributions from bots.

This feels like bot logic, lol.

Unless the contributors don't care about the repos they contribute to, this is not a likely scenario. AI doesn't care. We do.

What is bot logic exactly?

You keep describing this as not a likely or realistic scenario. But why is the likelihood even of relevance here? The way to avoid the worst case, i.e. scammed out of your money, is to not even put it on the table in the first place.

> What is bot logic exactly?

Ill-thought-out logic like your own. I think you are likely a bot at this point.

It's not likely, because that's not something that people are likely to do. Only a bot like yourself with a poor model of the world will do this type of thing. It will be amusing to see the AI bots trying to run the scam you are describing and then nobody will contribute to the fake projects... except other fake AI contributors.

Dude, you're claiming that there's no likelihood of people getting swindled out of their money by handing it over to strangers. So your reaction is to play the bot card? We're done. You're clearly not arguing in good faith here.

> people getting swindled out of their money by handing it over to strangers.

I think what OP is trying to say is that there is very little reason for a human to go through the trouble of contributing to a "plausible looking fake repo".

To get to the point that a repo starts to attract interest from other contributors, that project needs to have actual utility.

Who in their right mind would jump into opening a PR for projects they never used? And if the project does get used to the point that it attracts people interested in contributing to improve it, wouldn't it mean that we've achieved https://xkcd.com/810 ?

So I pay $10 when your bot fucks up?

That's called theft. And for what, one banana?

Obviously, the triage should be done by a human and not automated.

Doesn't that put us into the same position?

Let's also be realistic, everything that can be automated will. Even if that thing is worse off for it. There's a clear historic pattern of this. Companies and people love to be penny wise and pound foolish.

> Doesn't that put us into the same position?

Of course not, because the number of low-quality PRs with $10 attached to it will be lower than whatever number of PRs are being created now.

You also lose out on a lot of would-be PRs. By people who don't have the money, don't have trust, or have a visceral "fuck you" stance. There's a lot more reasons that this suggestion creates a gate that dissuades the people you want. I stand by that the solution is naïve, but you're welcome to give it a try on your projects. I'm sure it'll be effective at reducing a lot of spammers, but I'm also pretty convinced it'll come with a large false positive rate, which is invisible (giving you false confidence)

> You also lose out on a lot of would-be PRs.

I am more concerned about the sustainability of the projects as a whole than trying to optimize the number of potential random PRs.

> you're welcome to give it a try on your projects.

It's not exactly the same, but in a way I'm already doing that with Communick. I'm running one of the few Matrix and Fediverse services where members must pay to have access. Up until last week, I was giving 14 days as a free trial period and no deposit/confirmed subscription required. But now because of AI bots, I dropped it and I am collecting payment info before activating any account.

If I were playing the startup playbook, that would be insane. It's already crazy to try to charge for something that people are used to getting for free; my conversion rates are already low, requiring credit card info will make them even lower.

At the end of the day, I don't care. At first I was really hoping this would be something profitable, right now I just keep it running because I can. Even with the small number of users the servers get, I get enough to cover the better part of operational costs, I get to sharpen my devops skills and have a test lab to learn what it is that people really want (i.e., they are willing to pay to have solved) vs what people claim to be a problem.

All in all, the Communick instances are not going to win any popularity contest, but my servers have been up and running without major issues or drama for more than 6 years, and that's a lot more than I can say for all the other servers that have come and gone because the admins tried to play the numbers game.

> trying to optimize the number of potential random PRs.

You're misrepresenting my comment. I didn't say at need to optimize, just consider. Don't strawman me here.

You can't just hand wave them away as if this isn't an important factor. If you don't care about them at all I got a much much simpler solution: don't allow issues or PRs. Problem solved! But that's not a real solution either.

> You can't just hand wave them away as if this isn't an important factor.

There are plenty of ways to indicate in the project that the Pfand is meant as one way to filter out bad actors, but it doesn't mean that it should be the only way to accept external contributions. You can find somewhere else on the thread where I listed some alternatives that can be used as well.

> If you don't care about them at all I got a much much simpler solution: don't allow issues or PRs.

Yes, and what is the problem with this solution? That's what many projects are doing and many more will do. They will close access to non-members and only accept someone new when they have some type of social proof. [0] And that is totally fine.

[0]: https://news.ycombinator.com/item?id=43423063

If I have to trust you to give me back my $10, I'm never contributing to your code. Ever.

If I have to trust GitHub to give me back my $10, frankly, I have more trust for a random person on the internet at this point.

Also, you glossed over my banana joke, but it did hold meaning [0].

> Yes, and what is the problem with [closing down PRs and Issues] solution?

Are you serious? I mean it is an acceptable solution but it's completely orthogonal to the one we've been discussing. I can see you're not serious. I was skeptical because of the first comment, but thanks for making that clear now.

[0] https://www.youtube.com/watch?v=Nl_Qyk9DSUw