In my main project we added a new requirement that all new contributors meet a maintainer in a non-textual format before their first PR is merged. Seems to work well for a small project.

i do a lighter version on a small repo. first-time contributors get a "what problem were you hitting?" question before i look at the diff. genuine ones answer in two sentences. the spam PRs either go silent or paste back something that doesn't match their own changes and is too long. even those with em dash terminator are still easy to spot. it costs 30 seconds and filters almost everything. a proper profile is also a must. i mean, we can all spot fake facebook pages. i believe we can spot auto generated github profiles. and if their bot is actually good? why not? fix

> and if their bot is actually good? why not? fix

One reason: automating the construction of a "trustworthy" profile lowers the bar for attackers who want to plant xz-style backdoors. Not to mention polluting the various signals people use to evaluate candidates for jobs.

Only if you have maintainers everywhere. I live in a small city in the middle of the US - how far is it to a maintainer? 4 hours to Kansas City, or fly to San Francisco? Either way the burden seems far too high.

Non-textual can mean audio or video call, not necessarily in person.

Isn't the burden being that high the point? It keeps a small team who all know each other working on it, and everyone who does get on the team has some high investment in the project.

I contribute to OSS substantially and my GitHub project has 150000 active users (users, not stars). Yet, I would not call you up just to send a PR to your project.

It's sad that it has come to this and to me it just means OSS is dead.

Like a video/phone call?

Indeed, a request for a short video call filters out most of the people who are looking to pad their resume with LLM-automated contributions, while adding an extra layer of welcome to genuine newbies who want to join the community.

Maybe to neurotypical newbies. To others it's going to be a giant "fuck off".

For our situation, building a foundation of trust in our community is more important than attracting as many contributors as possible. If a one-time face-to-face introduction is infeasible, then there are many other projects to contribute to. (And this is considering that our community is all math PhDs, cryptographers, and compiler engineers; we are no strangers to neurodiversity.)

I can only speak from my perspective, as someone who's lightly neurospicy with a good serving of crippling social anxiety on top, but having to jump on a quick discord call with the maintainer of a project I was excited about wouldn't be a deterrent to me.

Yes it sucks, but it's better than not regulating whatsoever, and at least this way I could be more certain my contributions didn't get drowned out.

I'm not sure if AI can do those today, but they probably can in the near future. (probably we will be able to see obvious "that can't be human" for a while longer)

If you (or even your pet LLM) are able to set up v4l-loopback and some convincing realtime image/audio gen, I think that's a signal that your PRs might be worth reading.

It already can and it’s a big problem in recruitment. But for PRs I suspect it isn’t a big concern because this filter is to weed out PR spam from people who want to invest time in the project.

Job interviewees are now routinely asked to perform silly gestures (e.g., "wave your hand in front of your face") to catch out generative video models.

The point at which an AI can convince me, in a video call revolving around a complex social interaction like an introduction and discussion of interests, that it's human, I'm gonna go ahead and let it have the title.

I'd be really happy to come across this in a project I was interested in. So much hobby OSS is infested with slop that I don't even want to skim the code if I pick up a hint that there's no humans at the wheel.

What an elegantly common-sense solution. It's also probably a really good way to make contacts with interesting people.