Toggle Settings and Themes
Site Preferences

*The preferences are saved using cookies because this website does not use Javascript.
To clear the cookies, select Clear Cookies and click submit, this will also reset all the preferences to default.
The cookies are not used for analytics, read the privacy policy for more details.

Cobra Effect on Hactoberfest

GitHub is polluted with unwanted pull requests, what went wrong? And what could have been done to prevent it?

This page was published on .

Hacktoberfest? Never heard of it :/

Hacktoberfest is an annual event that occurs every October held by Digital Ocean. The event encourages developers to submit Pull Requests to Open Source repositories and as a reward you earn a limited-edition T-shirt.

Developers must contribute to a minimum of 4 repositories, But there is no upper limit set by Digital Ocean, this is where they went wrong.

Even though Digital Ocean has set up some Quality standards, it wasn't enough for stop the spam flood.

What went wrong?

Right now it is a blame game, The tweets says it all began because of a YouTuber demonstrated how to do a PR, but he failed at doing a quality contribution.
But, This has happened in the past — every year around the same time (October) — GitHub gets flooded with spam PRs, and this was the reason Digital Ocean updated their rules for contribution.

In the first glance, it seems that the YouTuber is at fault, Most of the PR Spam looks a lot like what he demonstrated. (I am not linking the YouTube video here, it might get deleted by the time you read this article)
Searching GitHub for Amazing Project or Improve Docs (PR changes he demonstrated in his video) is being widely used for the PR spam! — here is an example.

But is he the only one responsible? No, the issue began with Digital Ocean Not being clear on what needs to be done to qualify.
Providing T-Shirts for PRs was not a good idea to begin with as it just screams the Cobra Effect at their face!

The current implementation by Digital Ocean to fight spam is by labeling PRs with invalid or Spam.
This also means that, the people who never heard of this event will not be able to report this unless they go to Digital Ocean's post on figting spam and understand what's to be done.
They also mentioned that they validate all PRs later in the event, but that will not stop anyone from this abuse.

Anyone can whine, what's your solution?

Before I get to my solution, see what GitHub proposed due to PR spam.

Need to take a break, or limit which people can send a pull request to your repo?
You can now limit interactions for a period of time. Find it in your project settings › moderation settings › interaction limits.
— GitHub (@github) October 1, 2020

Very Microsoft-y way of tackling problems ;) ...Okay, I'll stop.

Here what can be done.

  1. Digital Ocean could stop current way of Hacktoberfest. But instead they can do a proper hackathon which promotes free and open-source software.
  2. Let the developers improve on some existing repositories or create one of their own on platform of their choice.
  3. Set a limiter on how many repositories are considered. (Right now There is no upper limit)
  4. Reward based on Quality of commits instead of quantity.

Adding a hactoberfest label and mentioning DigitalOcean might help spread word about the hackathon, but it will eventually become a spam. Instead, let developers submit link to the contributed repositories and usernames of developers to validate commits. If anyone starts spamming with meaningless commits, disqualify them after a warning.

Will this stop the PR spam? Yes, to an extent. But the internet will never run out of spammers.

About me

Coding Otaku Logo

I'm Rahul Sivananda (he/him), the Internet knows me by the name Coding Otaku. I work as a Full-Stack Developer (whatever that means) in London.

I care about Accessibility, Minimalism, and good user experiences. Sometimes I write stories and draw things.

Get my cURL card with curl -sL
Find me on Mastodon, Codeberg, or Peertube.
Subscribe to my feeds.

Continue Reading



All my blogs can be subscribed to using RSS(Atom) or JSON feeds, if you do not know how to use feeds, I have a page with instructions on how to do that.


Note: All comments are held for moderation before publishing it!

The comments can be deleted if you have not cleared the cookies. If you clear the cookies and want your comment(s) to be deleted, please send me an email from the email address you submitted when commenting (I will also consider the email from your website domain).

Anonymous comments cannot be deleted if you clear the cookies as I have no way of knowing who commented.

The comment forum, a unique id will be stored as a cookie in your browser to save the session.

Recent Blogs

Subscribe via Atom or JSON feeds.