You quoted a snipped out of context and argued the wrong thing. They don't need to give a good reason for accepting it, that's not the issue. the issue in this thread is taking away the ability to create PRs to begin with. You're overreaching and saying "not only do we offer no warranty or guarantees for this program, but we will actively prohibit others from linking their fixes to issues to prevent you from making the program usable". You don't owe users anything, but your users don't deserve hostility from you either!
Wrong; unsolicited PRs from people who want me to maintain their needs for them are what's hostile. Take the project as-is, fork and maintain it yourself, or pay up.
Why are unsolicited PRs hostile, you have no obligation to even read them? Unless you're saying you're obligated to do something about PRs.
If you want to host public projects, you will always have some responsibility to the public. Similar to how hardware makers shouldn't be making hard to repair their hardware.
If you plant a public tree for example, you may not be responsible if the tree produces a poisonous fruit or not, but if someone puts a sign next to the tree telling people "boil before eating,otherwise it's poisonous", that's their right. But if you don't want your tree to look bad and prevent them from doing so, now you're responsible for any poisoning from the tree. You can either be responsible or not responsible, but you can't be __irresponsible__. You can't act in a manner that you know will harm others, when not doing so costs you nothing, not even a perception of obligation.
If you have the right to turn off PRs, any company out there also has the right to make thing that are hard to repair. I don't want to say anyone who agrees with you on this thread complaining about Google or some other company shutting down your accounts with no explanation either.
Making my code public at all is what costs me nothing. I am already writing it. I am already versioning it with Git. Giving you access to it is either a no-op or is some amount of public good. It can never be a negative. This is what Free Software is. Read Stallman: https://www.gnu.org/philosophy/free-sw.html#four-freedoms
Joke's not on me, that's exactly what I was suggesting. you win! and I agree with that bot as a solution.
Keep your code private if that's your attitude though. You don't want to share your code, you just want free advertisement.
You know what, you wrote your code, you didn't write github, you don't own github and you don't own the interaction github users have regarding public projects.
PRs are not your software. What you need to do is maintain a private git repo, or just make the repo private and post tarballs and builds on the releases page. that will solve the problem even better for you. you'll still be publishing source as well as executables that way. PRs are about github, it's users and their interaction with projects. When you give someone access to a repo, you can't complain when they create a feature branch and request a merge, that's all a PR is. In your case, you want to give people access to source code but not a repository, so do just that and leave people who want to publish a repository alone, or restrict access to your repo to a github organization with people you approve of to make contributions to private repos.
> Keep your code private if that's your attitude though. You don't want to share your code, you just want free advertisement.
There is no money nor mindshare to be had, so advertising is the entirely wrong way to think about it. This is a thought-process warped by the commercial sector. Even if somebody doesn't use my code they are still welcome to learn from it. They're welcome to use it, too, I just don't want to know about it :)
Fair enough. But I go back to my point that you can share source code without hosting a repository and a version control system. version control systems are intended to facilitate collaboration on code, and their exposure implies the intended audience that would perform such collaboration. Making it private shows that collaboration isn't a public affair. You can have a public repo that only hosts releases, or just host releases on your website.
> taking away the ability to create PRs to begin with.
> your users don't deserve hostility from you either!
No one has the right to demand my time to review their PR to my code and explain or justify a rejection. If I don't want to accept PRs, that's a valid choice on my part.
I feel like I'm not even speaking english on this thread. I've said MANY times that project owners owe nothing to anyone, period. You don't owe anything. Ignore the PRs, send them to your junk folder. I don't care.
That has nothing to do with this discussion.
People have a right to propose changes to broken things they use. Your right to ignore them and not provide support is a two-way street. Others also have a right to ignore what you want and propose changes for other users to see.
it's right there is name of the feature "Pull Request", it's a request, not a demand.
If you were operating a non-profit business in person, you can't get mad at people suggesting changes either. You can ignore them for sure, you can pull up some disclaimer or whatever. But it's hostile and mean to prevent people from even stating their opinions and proposing a change.
At that point, make your project private.
You don't owe the public many things, but when you create a project and make it public on a shared hosting site, other users also have rights to make commentary, since you've exposed it as public, and proposals and to assist each other. I'd even go further to say that this counts as intentional interference with users' attempt to fix vulnerable and buggy code, and as such an intentional attempt to harm the public. It's one thing to not guarantee anything about your software, it's another thing to prevent people from trying to fix it.
> You don't owe the public many things, but when you create a project and make it public on a shared hosting site, other users also have rights to make commentary, since you've exposed it as public, and proposals and to assist each other.
Nothing is stopping them from doing that. But they are not entitled to do it on my repo.
It is not on your repo, that's the confusion in this thread. PRs have not made it to your repo yet, you're not entitled to them. It's regarding your repo, but it is not a change or an activity that's made it into your repo. It's people who have checked out a branch on their repo, PRs are a way for those people to publish the changes in their version of your repo -- their version.
What you guys are suggesting on this thread is to prohibit people who gained access to your repo as a result of you making it public (not just the zip/tarball of the code, but the repo) from linking the changes they made in their repo to the original parent repo. They're requesting you merge their changes, but not demanding, and you can ignore them. but that request and linkage helps your users, who are already not being supported by you or given any warrantly of usability of functionality by anyone at all. You're making something available to people and making it harder for them to support each other and fix the software on their own.
There is no confusion about that. I think the confusion is repo being used for both 1) the actual remote git repo hosted by GitHub and 2) the “repo” at GitHub.com/username/project.
I know that opening a PR does not affect the first, but it very much affects the second. For my project both are mine, and just as I have the right to ignore a PR and I have the right to reject any after they’re opened, so too do I have the right to reject PRs before they’re opened.
> their version
And they can keep doing that without cluttering my page.
> what you guys are suggesting…
So what? Who or what states they are entitled to have their changes visible as a request on my repo?
Having publicly accessible issue and PR pages opens breeds the kind of entitlement you are showing here: they do not have a right to open requests on my page any more than people have a “right” to comment on a blog post or a YouTube video. And keeping an issue/PR section available leads people to assume that they have a right to do it simply because they can.
> So what? Who or what states they are entitled to have their changes visible as a request on my repo?
You did, by making the repo public. You didn't make a release tarball public, you made git repository, designed for collaborating on code changes public. In this case, other users of github (including the general public) are exposed to a repository and all that entails. If you have no intention to let others do PRs, you don't need to host a public repository, you just need to host public tarballs of your source code.
> they do not have a right to open requests on my page any more than people have a “right” to comment on a blog post or a YouTube video.
Youtube videos are one-way consumption of media. Git repositories have the concept of merging, which is taking remote repository content and assimilating it with your repo (as you know), that's PRs. public repo = public/open PRs, because that's how a vcs works. You're not hosting a social media content on Github, you're hosting a public version control system, and you have the ability to make it private.
Youtube is hardly a good analogy, perhaps twitter or blue sky is, although even then it's consumed content, not collaboration. In that example though, what you all are proposing here is similar to tweeting but turning off the ability to get "noted" by the community. You have the right to say whatever you want (within the site's policy), but others also have the right to make community corrections (notes) so you won't mislead others.
> you just need to host public tarballs of your source code.
Except now I can do it all on one place.
> public repo = public/open PRs, because that's how a vcs works.
No it’s not. A PR is not a feature of git the vcs, it’s a feature of GitHub the website.
> other have the right to make community corrections
No, others have the ability. They are not an unalienable right to do so. Likewise they don’t have a right on my GitHub repo.
You keep falling back to “because they can, they have a right to”, which I think is obviously incorrect.
And I disagree that this is similar to notes on Twitter. It is comments on YouTube or replies on Twitter; they are by and large used by people to add their opinion on the topic.
> People have a right to propose changes to broken things they use.
Here's the root of your misunderstanding. “Broken” is subjective, relative only to you.
> it's right there is name of the feature "Pull Request", it's a request, not a demand.
That's marketing-speak. It is absolutely a demand. PRs are a growth-hacking feature and are part of how GitHub got to be so dominant. The abuse of social pressure calling someone's project unmaintained was the same mechanism used for the XZ Utils backdoor: https://securelist.com/xz-backdoor-story-part-2-social-engin...
> Here's the root of your misunderstanding. “Broken” is subjective, relative only to you.
This is not a misunderstanding. I want to know what other people subjectively think is broken, and their proposed fixes. So, if I agree with them, I can opt to use their fixes. A lot of time the developer does not want to maintain the added complexity, or does not agree with architectural or design decisions by the contributor, and that's fine. But I, as a user might agree with the contributor. it costs you, as the maintainer nothing to let people propose changes. nothing at all. as others have repeated many times on this thread, you're not even obliged to respond to PRs, it won't even cost you appearance or reputation. You're just annoyed, that's it, and instead of ignoring the thing that annoys you, the solution is hostility.
> That's marketing-speak. It is absolutely a demand.
If you have a contributor policy clearly defined, it isn't. When you publish a project for the public, people will use it, that's the expectation.
Perhaps if github linked your contributor policy that might help. You can also setup an action that will auto-close all PRs, commenting your contributor policy for everyone to see the reason. There are many ways to handle this, but people on this thread are choosing the lazy option that harms users the most. I think part of it might be that many of you have not dealt with projects that benefit heavily from PRs.
> I want to know what other people subjectively think is broken
And I do not. In fact I don't want to hear from anyone who uses my software at all, in any way. My software is for me, not for you, and not for them. If you think it's broken, make your own that isn't.
If your software is only for you, keep it private. Period.
When you make it public, the public have the right to fix it and share their fixes with each other. They can do it on another repo, but they discovered the code through your repo, so the easiest way is by linking it to your repo. If you don't want to hear from people at all, just publish the source without giving anyone access to the repo, or send notifications to junk folder, or use a lockdown bot like in the other post, host it on your own server and publish it on your own site, the solutions for you are endless. For the public, which you've exposed your software to, not so much. and that's the problem.
You should understand that this line of thinking is exactly why everyone is trying to require developers to identify themselves, sign their code,etc... We're depending on software too much to be tolerant of willful sabotage and reckless endangerment (e.g.: security patches).
