HN
Today

PR spam today looks like email spam in the early 2000s

The open-source landscape is facing an unprecedented deluge of AI-generated pull requests, reminiscent of the early 2000s email spam crisis. This flood of 'PR slop' is overwhelming maintainers and challenging traditional notions of collaboration, sender reputation, and the very value of open-source contributions. Hacker News debates solutions, from personal vetting to blanket bans, as the community grapples with the future of digital trust and meritocracy.

62
Score
51
Comments
#5
Highest Rank
24h
on Front Page
First Seen
Jun 24, 4:00 PM
Last Seen
Jun 25, 4:00 PM
Rank Over Time
126766557671313131317192020172021273030

The Lowdown

The article by Rahul Bathija of Greptile investigates the sudden explosion of low-quality, AI-generated pull requests (PRs) in the openclaw/openclaw GitHub repository. This phenomenon, which saw PR volumes jump from two per week to 3,400 per week, highlights a new challenge for open-source project maintainers, likening it to the email spam problem of the early 2000s.

  • PRs will require sender reputation: Just as email evolved to require sender reputation to combat spam, PRs will need similar trust mechanisms. The OpenClaw data shows higher merge rates for established contributors, and tools like Mitchell Hashimoto's Vouch (a trust management system) are emerging as solutions, even prompting projects like Ghostty to leave GitHub due to the volume of AI-generated "slop."
  • More contributors won't help if they all think the same way: Linus Torvalds' "given enough eyeballs, all bugs are shallow" principle relies on diverse perspectives. However, if contributors rely on the same AI coding agents with similar prompts, their contributions become homogeneous, leading to multiple identical or near-identical PRs for the same problem, negating the benefit of diverse thought.
  • What's actually getting merged: The data reveals that contributions requiring deep understanding of the existing codebase (refactors, complex architectural choices) have a significantly higher merge rate (35%) than novel features (9%). This suggests that "thinking matters more than typing" and AI agents are not yet capable of the nuanced understanding required for valuable contributions in complex systems.

While AI agents can dramatically accelerate open-source development, they also introduce significant challenges related to identity, reputation, and contribution validation. The open-source community must adapt by building new primitives to manage this influx, much like it has overcome difficult problems in the past.

The Gossip

Motivation for the Maelstrom

Users discuss the underlying motivations for the surge in AI-generated PRs. Many believe it's driven by job seekers looking to pad their resumes or meet academic requirements, often leading to low-effort contributions. Some frame it as a "purely selfish" act for personal branding, while others suggest it could stem from genuine, albeit misguided, attempts to help by individuals who lack the deep project understanding necessary for meaningful contributions.

Safeguarding Software from Slop

The community proposes various strategies to combat the influx of low-quality, AI-generated PRs. Suggestions include requiring non-textual interactions (like video calls) for new contributors, implementing blanket bans on AI-generated content in personal repositories, or adopting a workflow where maintainers rewrite and merge accepted ideas themselves. The idea of encouraging financial donations to projects instead of code contributions is also discussed as a way to filter out resume-driven efforts.

Spam's Shifting Sands

Commenters debate the article's core analogy of PR spam to early 2000s email spam. While some agree on the need for sender reputation and automated filtering in both scenarios, others highlight crucial differences. They note that email reputation is typically tied to servers/domains rather than individual users, and that certain email functions (like account recovery) cannot be simply 'filtered' in the same way as unsolicited PRs, questioning the direct applicability of email-based solutions.

Credentialing Crisis

The discussion explores how the proliferation of AI-generated contributions impacts the perceived value of open-source work for hiring and career development. Many argue that open-source contributions are becoming a "worthless" metric for evaluating candidates due to the ease of creating superficial entries. There's speculation on how hiring practices might adapt, with some suggesting that a stance against using LLMs for coding might eventually become a valuable differentiator for job applicants.