Hacker News new | past | comments | ask | show | jobs | submit login

I think blocking the PR author instead of the original project is a good move. Adding more manual labor to maintainers, not so much.

I don’t have an alternative solution, though. I wish it would at least pass through PRs opened from GitHub citizens with some form of reputation.




After Github has enough data, it can automatically identify malicious contributors. Facebook, Twitter, already do this for spam. But you are still going to need manual reports to get data.




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: