I feel like I'm not even speaking english on this thread. I've said MANY times that project owners owe nothing to anyone, period. You don't owe anything. Ignore the PRs, send them to your junk folder. I don't care.

That has nothing to do with this discussion.

People have a right to propose changes to broken things they use. Your right to ignore them and not provide support is a two-way street. Others also have a right to ignore what you want and propose changes for other users to see.

it's right there is name of the feature "Pull Request", it's a request, not a demand.

If you were operating a non-profit business in person, you can't get mad at people suggesting changes either. You can ignore them for sure, you can pull up some disclaimer or whatever. But it's hostile and mean to prevent people from even stating their opinions and proposing a change.

At that point, make your project private.

You don't owe the public many things, but when you create a project and make it public on a shared hosting site, other users also have rights to make commentary, since you've exposed it as public, and proposals and to assist each other. I'd even go further to say that this counts as intentional interference with users' attempt to fix vulnerable and buggy code, and as such an intentional attempt to harm the public. It's one thing to not guarantee anything about your software, it's another thing to prevent people from trying to fix it.

> You don't owe the public many things, but when you create a project and make it public on a shared hosting site, other users also have rights to make commentary, since you've exposed it as public, and proposals and to assist each other.

Nothing is stopping them from doing that. But they are not entitled to do it on my repo.

It is not on your repo, that's the confusion in this thread. PRs have not made it to your repo yet, you're not entitled to them. It's regarding your repo, but it is not a change or an activity that's made it into your repo. It's people who have checked out a branch on their repo, PRs are a way for those people to publish the changes in their version of your repo -- their version.

What you guys are suggesting on this thread is to prohibit people who gained access to your repo as a result of you making it public (not just the zip/tarball of the code, but the repo) from linking the changes they made in their repo to the original parent repo. They're requesting you merge their changes, but not demanding, and you can ignore them. but that request and linkage helps your users, who are already not being supported by you or given any warrantly of usability of functionality by anyone at all. You're making something available to people and making it harder for them to support each other and fix the software on their own.

There is no confusion about that. I think the confusion is repo being used for both 1) the actual remote git repo hosted by GitHub and 2) the “repo” at GitHub.com/username/project.

I know that opening a PR does not affect the first, but it very much affects the second. For my project both are mine, and just as I have the right to ignore a PR and I have the right to reject any after they’re opened, so too do I have the right to reject PRs before they’re opened.

> their version

And they can keep doing that without cluttering my page.

> what you guys are suggesting…

So what? Who or what states they are entitled to have their changes visible as a request on my repo?

Having publicly accessible issue and PR pages opens breeds the kind of entitlement you are showing here: they do not have a right to open requests on my page any more than people have a “right” to comment on a blog post or a YouTube video. And keeping an issue/PR section available leads people to assume that they have a right to do it simply because they can.

> So what? Who or what states they are entitled to have their changes visible as a request on my repo?

You did, by making the repo public. You didn't make a release tarball public, you made git repository, designed for collaborating on code changes public. In this case, other users of github (including the general public) are exposed to a repository and all that entails. If you have no intention to let others do PRs, you don't need to host a public repository, you just need to host public tarballs of your source code.

> they do not have a right to open requests on my page any more than people have a “right” to comment on a blog post or a YouTube video.

Youtube videos are one-way consumption of media. Git repositories have the concept of merging, which is taking remote repository content and assimilating it with your repo (as you know), that's PRs. public repo = public/open PRs, because that's how a vcs works. You're not hosting a social media content on Github, you're hosting a public version control system, and you have the ability to make it private.

Youtube is hardly a good analogy, perhaps twitter or blue sky is, although even then it's consumed content, not collaboration. In that example though, what you all are proposing here is similar to tweeting but turning off the ability to get "noted" by the community. You have the right to say whatever you want (within the site's policy), but others also have the right to make community corrections (notes) so you won't mislead others.

> you just need to host public tarballs of your source code.

Except now I can do it all on one place.

> public repo = public/open PRs, because that's how a vcs works.

No it’s not. A PR is not a feature of git the vcs, it’s a feature of GitHub the website.

> other have the right to make community corrections

No, others have the ability. They are not an unalienable right to do so. Likewise they don’t have a right on my GitHub repo.

You keep falling back to “because they can, they have a right to”, which I think is obviously incorrect.

And I disagree that this is similar to notes on Twitter. It is comments on YouTube or replies on Twitter; they are by and large used by people to add their opinion on the topic.

> People have a right to propose changes to broken things they use.

Here's the root of your misunderstanding. “Broken” is subjective, relative only to you.

> it's right there is name of the feature "Pull Request", it's a request, not a demand.

That's marketing-speak. It is absolutely a demand. PRs are a growth-hacking feature and are part of how GitHub got to be so dominant. The abuse of social pressure calling someone's project unmaintained was the same mechanism used for the XZ Utils backdoor: https://securelist.com/xz-backdoor-story-part-2-social-engin...

> Here's the root of your misunderstanding. “Broken” is subjective, relative only to you.

This is not a misunderstanding. I want to know what other people subjectively think is broken, and their proposed fixes. So, if I agree with them, I can opt to use their fixes. A lot of time the developer does not want to maintain the added complexity, or does not agree with architectural or design decisions by the contributor, and that's fine. But I, as a user might agree with the contributor. it costs you, as the maintainer nothing to let people propose changes. nothing at all. as others have repeated many times on this thread, you're not even obliged to respond to PRs, it won't even cost you appearance or reputation. You're just annoyed, that's it, and instead of ignoring the thing that annoys you, the solution is hostility.

> That's marketing-speak. It is absolutely a demand.

If you have a contributor policy clearly defined, it isn't. When you publish a project for the public, people will use it, that's the expectation.

Perhaps if github linked your contributor policy that might help. You can also setup an action that will auto-close all PRs, commenting your contributor policy for everyone to see the reason. There are many ways to handle this, but people on this thread are choosing the lazy option that harms users the most. I think part of it might be that many of you have not dealt with projects that benefit heavily from PRs.

> I want to know what other people subjectively think is broken

And I do not. In fact I don't want to hear from anyone who uses my software at all, in any way. My software is for me, not for you, and not for them. If you think it's broken, make your own that isn't.

If your software is only for you, keep it private. Period.

When you make it public, the public have the right to fix it and share their fixes with each other. They can do it on another repo, but they discovered the code through your repo, so the easiest way is by linking it to your repo. If you don't want to hear from people at all, just publish the source without giving anyone access to the repo, or send notifications to junk folder, or use a lockdown bot like in the other post, host it on your own server and publish it on your own site, the solutions for you are endless. For the public, which you've exposed your software to, not so much. and that's the problem.

You should understand that this line of thinking is exactly why everyone is trying to require developers to identify themselves, sign their code,etc... We're depending on software too much to be tolerant of willful sabotage and reckless endangerment (e.g.: security patches).

“everyone” lmfao

fair criticism, everyone not in tech then. I meant governments and corporations though, it wasn't meant in the strictest sense obviously.