How does a potential positive contributor pierce through? If they are not contributing to something already and are not in the network with other contributors? They might be a SME on the subject and legit have something to bring to the table but only operated on private source.
I get that AI is creating a ton of toil to maintainers but this is not the solution.
In my OSS projects I appreciate if someone opens an issue or discussion with their idea first rather than starting with a PR. PRs often put me in an awkward position of saying "this code works, but doesn't align with other directions I'm taking this project" (e.g. API design, or a change making it harder to reach longer term goals)
He answered it in the thread: Basically, the system has no opinion on that, but in his projects he will vouch anyone who introduces themselves like a normal human being when opening a PR.
One solution is to have a screensharing call with the contributor and have them explain their patch. We have already caught a couple of scammers who were applying for a FOSS internship this way. If they have not yet submitted anything non-trivial, they could showcase personal projects in the same way.
FOSS has turned into an exercise in scammer hunting.
It seems like it depends on how the authors have configured Vouch. They might completely close the project except to those on the vouch list (other than viewing the repo, which seems always implied).
Alternatively they might keep some things open (issues, discussions) while requiring a vouch for PRs. Then, if folks want to get vouched, they can ask for that in discussions. Or maybe you need to ask via email. Or contact maintainers via Discord. It could be anything. Linux isn't developed on GitHub, so how do you submit changes there? Well you do so by following the norms and channels which the project makes visible. Same with Vouch.
Looking at this, it looks like it's intended to handle that by only denying certain code paths.
Think denying access to production. But allowing changes to staging. Prove yourself in the lower environments (other repos, unlocked code paths) in order to get access to higher envs.
Honestly, the entire process of open-source contribution is broken. People should just fork and compete on the free 'market'. If you have a good idea / PR, just keep patchsets. People should mix and match the patch sets as they like. Maintainers who want to keep their version active will be forced to merge proper patch sets. The key argument against this is the difficulty integrating patch sets.
This should be easier with AI. Most LLMs are pretty good at integrating existing code.
arcologies1985|21 days ago
mordnis|20 days ago
buovjaga|21 days ago
FOSS has turned into an exercise in scammer hunting.
swordsith|21 days ago
lelandbatey|21 days ago
Alternatively they might keep some things open (issues, discussions) while requiring a vouch for PRs. Then, if folks want to get vouched, they can ask for that in discussions. Or maybe you need to ask via email. Or contact maintainers via Discord. It could be anything. Linux isn't developed on GitHub, so how do you submit changes there? Well you do so by following the norms and channels which the project makes visible. Same with Vouch.
qmarchi|21 days ago
Think denying access to production. But allowing changes to staging. Prove yourself in the lower environments (other repos, unlocked code paths) in order to get access to higher envs.
Hell, we already do this in the ops world.
Halan|21 days ago
anon291|20 days ago
This should be easier with AI. Most LLMs are pretty good at integrating existing code.
judahmeek|19 days ago