Cobra Effect on Hactoberfest

GitHub is polluted with unwanted pull requests, what went wrong?

Blogged on by

NonFree OpenSource Unintentional

Cobra icon, Text says Hacktoberfest 2020
Cobra icon, Text says Hacktoberfest 2020

Hacktoberfest? Never heard of it :/

Hacktoberfest is an annual event that occurs every October held by Digital Ocean. The event encourages developers to submit Pull Requests to Open Source repositories and as a reward you earn a limited-edition T-shirt.

Developers must contribute to a minimum of 4 repositories, But there is no upper limit set by Digital Ocean, this is where they went wrong.

Even though Digital Ocean has set up some "Quality standards", it wasn't enough for stop the spam flood.

What went wrong?

Right now it is a blame game, The tweets says it all began because of a YouTuber demonstrated how to do a PR, but he failed at doing a quality contribution.
But, This has happened in the past — every year around the same time (October) — GitHub gets flooded with spam PRs, and this was the reason Digital Ocean updated their rules for contribution.

In the first glance, it seems that the YouTuber is at fault, Most of the PR Spam looks a lot like what he demonstrated. (I am not linking the YouTube video here, it might get deleted by the time you read this article)
Searching GitHub for "Amazing Project" or "Improve Docs" (PR changes he demonstrated in his video) is being widely used for the PR spam! — here is an example.

But is he the only one responsible? No, the issue began with Digital Ocean Not being clear on what needs to be done to qualify.
Providing T-Shirts for PRs was not a good idea to begin with as it just screams the Cobra Effect at their face!

The current implementation by Digital Ocean to fight spam is by labeling PRs with "invalid" or "Spam".
This also means that, the people who never heard of this event will not be able to report this unless they go to Digital Ocean's post on figting spam and understand what's to be done.
They also mentioned that they validate all PRs later in the event, but that will not stop anyone from this abuse.

Anyone can whine, what's your solution?

Before I get to my solution, see what GitHub proposed due to PR spam.

"Need to take a break, or limit which people can send a pull request to your repo?
You can now limit interactions for a period of time. Find it in your project settings › moderation settings › interaction limits."
— GitHub (@github) October 1, 2020

Very Microsoft-y way of tackling problems ;) ...Okay, I'll stop.

Here what can be done.

  1. Digital Ocean could stop current way of Hacktoberfest. But instead they can do a proper hackathon which promotes free and open-source software.
  2. Let the developers improve on some existing repositories or create one of their own on platform of their choice.
  3. Set a limiter on how many repositories are considered. (Right now There is no upper limit)
  4. Reward based on Quality of commits instead of quantity.

Adding a hactoberfest label and mentioning DigitalOcean might help spread word about the hackathon, but it will eventually become a spam. Instead, let developers submit link to the contributed repositories and usernames of developers to validate commits. If anyone starts spamming with meaningless commits, disqualify them after a warning.

Will this stop the PR spam? Yes, to an extent. But the internet will never run out of spammers.

My Recent Blogs

See All Blogs