Pull request limits are cutting down the noise

(github.blog)

38 points by ingve5 days ago

11 comments

CodesInChaos28 minutes ago
The primary spam problem isn't that a single account opens many pull requests on a single repo, but that spammer accounts open many pull requests spread across many repositories. So limiting accounts to a couple of open PRs on my repository won't help much.I'd rather enforce a limit based on the number of PRs that account opened across all public repositories it doesn't have write access to within the last week. And PRs that were closed without getting merged should be held against the account somehow (perhaps via a "close as unwelcome" option for the maintainer).
frankfrank131 hour ago
I think this is a really solid move. This gives OSS contributors a lot of flexibility. You could set the limit to 0, and manually add contributors. You could set it to 1-3 to allow people to get their foot in the door. But the de facto limit today is infinite, which is spammed. Imagine if GMail did this! If I don't whitelist or reply within `n` emails, youre done. I would KILL for that.
- SoftTalker55 minutes ago
 I get a lot of emails that I want to get but never reply to. I would not want to have to remember to whitelist all of those.
 - frankfrank1351 minutes ago
 Yeah fair, then you could set it higher, even 100. Or default it off.
- jasonpeacock38 minutes ago
 HEY email service does something like that:<a href="https://www.hey.com/features/the-screener/" rel="nofollow">https://www.hey.com/features/the-screener/</a>
trjordan18 minutes ago
If you didn't take the time to write it, why should I take the time to read it?This is a band-aid. Maybe even a good band-aid, because it'll keep individual contributors from flooring the zone. But the core problem is Github's model that assumes code is worth reading.I'm much rather see the agent logs stapled to PRs. Make it easy to understand if there's a brain behind the suggested changes before engaging.
- cameldrv0 minutes ago
 > If you didn't take the time to write it, why should I take the time to read it?This is the fundamental problem. You have to look at the equilibrium. When you submit a PR, you're asking for some of my time. I have to figure out if it's likely to be worth it for me. If you have a track record of producing useful software that I have merged before, you're putting your reputation at risk when you submit a new PR, so it's probably good. If you start sending AI slop, I'm going to downgrade your reputation.If you have no track record though, I'll probably at least take a glance since even if I'm not sure, at least you had to spend some time to write the code and put together the PR. Now that's not true.My guess is we're going to have to create some new systems for reputation, maybe bond posting, maybe "sponsored" PRs, where someone trusted vouches for it, etc.Incidentally, this doesn't just apply to PRs. It's emails, all kinds of other messages, reports, etc.
Unfunkyufo27 minutes ago
I don't often give GitHub credit, because I work with it every day and I encounter something frustrating or broken nearly every day ending in "day", but kudos to them for working on addressing the some of the big problems.I also like the other features mentioned in the blog post. It won't make a difference to me and my daily work, but I'm glad that they are taking the criticisms seriously.Though I have to admit that I'm a bit conflicted about this. Part of me also wants more people to move off of GitHub to help break their monopoly on code on the web, but I also don't want the people making and maintaining open source to give up their projects due to burnout and slop spam.
esafak33 minutes ago
We should have agents to triage PRs. Their "smarter bypass signals" is already implemented by Mitchell Hashimoto's Vouch system: <a href="https://github.com/mitchellh/vouch" rel="nofollow">https://github.com/mitchellh/vouch</a>
cyanydeez44 minutes ago
also, close all issues and open them as you plan to work on them.
mbaloch21365 days ago
[dead]
righthand1 hour ago
Oh stop, the noise is apart of your business model to stay relevant.
- MeetingsBrowser1 hour ago
  how so?
arjie1 hour ago
I think, amusingly, the right thing to do for most open-source projects is to have each pull request summary and code read by an agent that just reimplements itself from a description of what the code is intended to be. Other people's code is not particularly valuable anymore.There are some projects where you can provide a PR and they'll just reimplement and I think that's probably adaptive to the world where PR's are cheap and reviews are expensive.
- csiegert1 hour ago
 There is also the solution of: No merge requests, just feature wishes and bug reports. All code is written solely by the maintainers (with the help of LLMs).
 - parliament321 hour ago
 Add a mechanism to donate tokens towards the maintainers' LLMs for a particular ticket and this whole class of problems will be resolved all at once.
 - wereHamster1 hour ago
 > Add a mechanism to donate tokensOr donate money. Crazy idea, eh?
 - toomuchtodo42 minutes ago
 Some people have tokens but no money. Tokens, like Amazon gift cards and Tide detergent [1], are a form of currency in a way. If people have a currency equivalent they want to spend for your benefit, or the collective benefit, it makes sense (depending on level of effort) to enable them to do so.[1] How Tide Detergent Became a Drug Currency - <a href="https://news.ycombinator.com/item?id=5023204">https://news.ycombinator.com/item?id=5023204</a> - January 2013 (124 comments)(edit: maybe put AI tokens on stablecoin rails as value tokens? could be fun, could move them around instantly between participants on the value rails and could consume them programmatically, if someone implements this idea, buy me a beer!)
 nozzlegear0 minutes ago
 > Some people have tokens but no money.This sounds like a piece of worldbuilding from a Daniel Suarez novel. Who has tokens but no money?
 - SoftTalker52 minutes ago
 And creates a new class of problems. Why not just fork the project and modify it yourself at that point, and cut out the maintainer middleman.
 - arjie5 minutes ago
 I actually do that quite often these days. Keeping synced with upstream is trivial these days with a modern agent. Even just pi with DeepSeek V4 Flash can do it. It's a huge free-rider issue, but there's no way for me to contribute even human changes upstream because I'll be lost in the AI contributions so I don't bother.So almost everything is forked and I then just have the agent keep my changes in sync with upstream. Works like a charm. I suspect my pattern is commonplace.
 - parliament3229 minutes ago
 Why fork at all? Why not just vendor the dependency and slop the changes you want on top of it? You can even pull from upstream down the line for the latest updates.The problem is sloppers really, really want other people to use their code, so they feel useful for doing a bit of prompting, probably to rationalize how much they pay Anthropic et al to do the actual work for them. I just wish they'd direct that money directly to the projects they find useful instead of trying to insert themselves as middlemen.
 - geon43 minutes ago
 Because it is vibecoded garbage.
 - esafak43 minutes ago
 That's the same as donating money, which you can already do.
 - parliament3237 minutes ago
 Well, yes, exactly. And yet nobody but the biggest corp-sponsored projects get anything more than negligible donations. So what does this tell us? These "contributors" are happy to throw money at open source projects as long as they think they're doing something by prompting the LLM?
- qazxcvbnmlp1 hour ago
 Being able to submit an issue, description, test criteria along with a token budget would be pretty cool.
 - arjie2 minutes ago
 There's an amusing attempt at this here: <a href="https://clevercrow.io/" rel="nofollow">https://clevercrow.io/</a>It was on HN here: <a href="https://news.ycombinator.com/item?id=48621645">https://news.ycombinator.com/item?id=48621645</a>
- ramraj071 hour ago
 Thats just a coding agent the "peopple" use via you, with extra steps.