ScanOSS spams OSS projects for using profanity






Vega has asked me to relay this here since you have blocked further communication:

I really like how their (ScanOSS') words say one thing, but their actions speak the exact opposite. (Except Julian's most recent comment, which was made while I was writing this comment, outright makes it clear the initial "apology" was dishonest and insincere).


And the rest is aimed at Julian (and the rest of ScanOSS):



We really don't need to put any mechanisms in place for this not to happen again. This isn't something we do on a regular basis and, as I mentioned, anyone could contribute to any repo as long as it adheres to GitHub's ToS.

Automated spamming like your "experiment" is against GitHub's ToS. Opening meaningless issues — which is another category your "inappropriate language detected" spam belongs to — is likewise against GitHub's ToS.



(and the Open Source license of your choice under which your contribution was released)

Several of the repositories you spammed were not released under any open source license, as indicated by the lack of LICENSE.MD in said repositories. The default GitHub license gives you the right to view and fork repositories, but as per this helpful page, you aren't free to reproduce, distribute, or create derivative works in public repos outside of GitHub when the repo doesn't contain a LICENSE.md granting you those rights.


This is something that every programmer needs to be aware of, especially if they're working for a company that only releases proprietary products. Julian — as a CTO of your organization per your bio, you should be very well aware of this.



If you are not willing to receive contributions from the community,

We are often willing to accept meaningful contributions from the community. Meaningful contributions being:



your project doesn't work for me under these circumstances (also known as: "bug report")
please extend the functionality of your project by adding feature X (also known as: "feature request")
hey, I found a bug in your code and fixed it (also known as: "pull request")

These are the three main categories of contributions we are interested in, and your language policing (aka "we found this naughty word that offends nobody in particular") fits none of them. It is, by any metric, NOT a meaningful contribution — so don't get too mad when people ask you to stop, apologize, and commit to never ever doing it again. GitHub seems to agree — if your spamming were not a violation of GitHub ToS, your spamfest wouldn't get your -sentry-bot account restricted.


Consider this: even GitHub's own dependabot is something you have to actively opt in to. If you don't, dependabot will leave your repositories alone — even though dependabot is far more useful than your "experiment."


Furthermore:



If you are not willing to receive contributions from the community, if you are not interested in your Open Source contribution gaining adoption, or if you prefer people to sign special agreements to make contributions, perhaps you are better off closing down your repository, making it private.

This is outright bad logic and a very offensive suggestion. Just because people are not willing to accept contributions — especially useless spam like your language policing — that doesn't mean we should mark our repos as private. Some people want to throw out their code as a "hey I did this. Use this if you want, but don't bother me with issues," and that's completely valid. Some people put their code, with public visibility, on a trusted platform as a matter of transparency. You should stop acting as if that were an invalid use case for GitHub, because it's really not.


Yes, I am writing this on a throwaway account.




Source: Github.com
