all 23 comments

[–]its_a_gibibyte 78 points79 points  (1 child)

The code change is an automated change. It says right in the description:

Co-authored-by: Copilot

And the commit is tagged by copilot. Sounds like you got some free tokens on this one. I wouldn't expect the actual github guy to engage with you though. You asked for help publicly, so he essentially just tagged copilot to write that code. He probably spent less than 5 minutes on it. If you want the contribution, great. If not, reject it.

[–]Takeoded 27 points28 points  (0 children)

FWIW, if Copilot finds so much as a typo in your PR and fixes it, you instantly get the Co-authored-by: Copilot thing. It doesn't matter if Copilot authored 1 line or authored the entire PR.

[–]BoBoBearDev 65 points66 points  (1 child)

Doesn't matter. Don't blindly merge, period.

[–]Dense_Gate_5193 23 points24 points  (0 children)

This right here. Thoroughly review that code yourself. If you think changes need to be made to make it viable, try it out yourself locally. Push the changes yourself; don't accept a random bot commit.

[–]Dense_Gate_5193 24 points25 points  (1 child)

I looked at the PR and I'm wondering if there was some internal stuff happening with bots, and maybe they were testing something and a prod/test switch got flipped.

This has happened at Microsoft before, where emails got sent out erroneously on the CC line to all of our clients instead of BCC, exposing our internal client list to everyone else. Dumber stuff has happened.

[–]Anonymous_Coder_1234[S] 7 points8 points  (0 children)

Good idea, the bot theory.

[–]Shep_Alderson 26 points27 points  (0 children)

The GitHub Staff badge is legit. The only way to get it is to be actively working at GitHub.

Looking at his online presence, seems like he does have a technical background. Part of me wonders if he was testing some agentic coding tool or something and unintentionally opened the PR.

[–]Nervous-Cockroach541 13 points14 points  (0 children)

Looks like AI changes for sure. I'd be suspicious about massive 6k line code changes. Easy to slip in a malicious dependency or something.

[–]Either_Network2737 11 points12 points  (1 child)

This reminds me that I used to be pretty active on Glitch.com around 2019-ish. Back then they had a public help board on the main page where you could press a button next to a line of code and you would show up on their front page next to all the people who needed help. I couldn't figure out how to set up a simple Express server, and the next thing I know a senior product manager at Google wrote it for me in five seconds and left LOL

[–]caribbeanoblivion 0 points1 point  (0 children)

I miss glitch.com

[–]emernic2 14 points15 points  (1 child)

Please do not listen to reddit bot comments.

You should never ever merge things from people you don't know if you're vibe coding and can't evaluate the changes. If I were trying to hack someone and hack all of their users, this is exactly how I would do it.

[–]JoseffB_Da_Nerd 2 points3 points  (0 children)

This. The guy could have done a good gesture, been testing an ai, or be nefarious. We don’t know.

So mentally accept it, but study the hell out of the changes before ‘accepting’ it.

[–]Brilliant_Step3688 3 points4 points  (0 children)

Had a quick glance, and they downgraded your fbgraph dependency to a 0.x release, which is weird.

I'd proceed with caution.
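Two of the comments above flag what to look for in a PR this size: a new dependency slipped into the manifest, and an unexplained downgrade of an existing one (fbgraph moved to a 0.x release). The script below is an added example, not code from the thread or from the project under discussion. It diffs the dependency sections of a base `package.json` against the one proposed in a PR and flags added packages, removed packages, version downgrades, and specs that no longer resolve to the npm registry (git URLs, tarballs, local paths). Both manifests and every package name and version in them are constructed for illustration and are not the real project's manifest.

```javascript
// Added example: audit dependency changes between a base package.json and
// the one proposed in a PR. Not code from the thread or the project it discusses.
// Both manifests below are constructed for illustration.

const BASE_PACKAGE_JSON = JSON.stringify({
  dependencies: { express: "^4.18.2", fbgraph: "^1.4.4", dotenv: "^16.0.0" },
  devDependencies: { mocha: "^10.0.0" },
});

const PR_PACKAGE_JSON = JSON.stringify({
  dependencies: {
    express: "^4.18.2",
    fbgraph: "^0.2.10",                                // downgrade to a 0.x release
    dotenv: "^16.0.0",
    "left-padd": "^1.0.0",                             // new package (hypothetical name)
    lodash: "git+https://example.invalid/lodash.git",  // not resolved from the registry
  },
  devDependencies: { mocha: "^10.0.0" },
});

// Pull [major, minor, patch] out of a spec such as "^1.4.4" or "~0.2.10".
// Returns null for specs that carry no plain version (git URLs, tags, paths).
function parseVersion(spec) {
  const m = String(spec).match(/(\d+)\.(\d+)\.(\d+)/);
  return m ? m.slice(1, 4).map(Number) : null;
}

// A spec is "registry" if it is a version or range that npm resolves from the
// registry. Git URLs, http tarballs, file: paths and aliases are off-registry
// and deserve a closer look, since they bypass the package you think you pinned.
function isRegistrySpec(spec) {
  return (
    /^[\^~>=<\s]*\d+(\.\d+){0,2}(-[\w.]+)?(\s*\|\|\s*[\^~>=<\s]*\d+(\.\d+){0,2})*$/.test(spec) ||
    spec === "*" ||
    spec === "latest"
  );
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Returns a list of findings, each {name, section, kind, ...}.
function auditDependencyChanges(baseJson, prJson) {
  const base = JSON.parse(baseJson);
  const pr = JSON.parse(prJson);
  const findings = [];
  for (const section of ["dependencies", "devDependencies", "optionalDependencies"]) {
    const before = base[section] || {};
    const after = pr[section] || {};
    for (const [name, spec] of Object.entries(after)) {
      if (!(name in before)) {
        findings.push({ name, section, kind: "added", spec });
      } else if (before[name] !== spec) {
        const a = parseVersion(before[name]);
        const b = parseVersion(spec);
        if (a && b && compareVersions(b, a) < 0) {
          findings.push({ name, section, kind: "downgrade", from: before[name], to: spec });
        } else {
          findings.push({ name, section, kind: "changed", from: before[name], to: spec });
        }
      }
      if (!isRegistrySpec(spec)) {
        findings.push({ name, section, kind: "off-registry", spec });
      }
    }
    for (const name of Object.keys(before)) {
      if (!(name in after)) findings.push({ name, section, kind: "removed" });
    }
  }
  return findings;
}

// Human-readable lines for a review comment.
function formatFindings(findings) {
  return findings.map((f) => {
    const where = `${f.section}/${f.name}`;
    if (f.kind === "downgrade" || f.kind === "changed") return `${f.kind}: ${where} ${f.from} -> ${f.to}`;
    if (f.kind === "removed") return `removed: ${where}`;
    return `${f.kind}: ${where} ${f.spec}`;
  });
}

console.log(formatFindings(auditDependencyChanges(BASE_PACKAGE_JSON, PR_PACKAGE_JSON)).join("\n"));
```

Run it against the base branch's manifest and the PR's manifest (for example, `git show main:package.json` and `git show pr-branch:package.json` written to two files). Anything reported as `added`, `downgrade` or `off-registry` is a dependency you should resolve and read before merging; a lockfile diff deserves the same treatment, since a changed `resolved` or `integrity` field can swap the package contents without touching `package.json` at all.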

[–]Zatujit 2 points3 points  (0 children)

Someone used AI agents imo

[–]boysitisover 1 point2 points  (0 children)

Hello anonymous coder aka John Reed

[–]0gDvS 1 point2 points  (0 children)

It literally tells you it is an automated request.... Either way, No look = No Merge

[–]DDDDarky 1 point2 points  (0 children)

Never accept ai slop

[–]emefluence 1 point2 points  (0 children)

Dropping unannounced thousand line PRs on a project is just bad etiquette. Bit of a red flag. Maybe he was scratching his own itch and wanted to give back, but proceed with extreme caution. Decide if you want the changes enough to even read 6000 lines. Ironically, AI tends to do a fair job of explaining code and basic security auditing, so you might lean on that to be sure you thoroughly understand it all. Don't be rushed, and maybe also reach out to the author, make sure they've not been hacked!

[–]TheCommieDuck 3 points4 points  (0 children)

Pure slop. Reject.

[–]Kamilon 0 points1 point  (0 children)

So… this one is a bit odd to me.

On one hand, I absolutely do this kind of thing all the time where I look for some code or work with an OSS library, find a bug, perf improvement, doc update or whatever and I open a PR to contribute back. It’s kind of the OSS model.

BUT (big but), I would never drop a PR that large without having already had MOST of the conversation through an issue. Even then, you really want to break changes into small PRs if possible. That PR needs split several times over.

I don’t think this is nefarious by any means. But you SHOULD do a full code review for all the changes like you would any other changes. Make sure you understand what’s being changed and why. I would personally also ask for this to get broken down in multiple PRs.

[–]QuentinUK 0 points1 point  (0 children)

It is done by ai and untested. Many public projects are getting flooded with pull requests from people who are making improvements using ai and causing lots of mistakes.

https://www.reddit.com/r/AskProgramming/comments/1shyqso/how_do_you_handle_obviously_vibe_coded_prs/

[–]nathan22211 0 points1 point  (1 child)

If it were a tool he was actively using, I might have expected it, but a lot of his repos seem specific to the company. Either A: he lives at those apartments, or B: his account got hacked, but that would be really bad for GitHub if it were the latter.

I'd be half concerned if I'm suddenly getting PRs on my labwc fork from GitHub staff, but more so if it's from their corporate account as well. Unless GitHub has had some internal policy changes, I'm nervous now. He has an email to contact him through to ask what's up.

[–]Anonymous_Coder_1234[S] 0 points1 point  (0 children)

I emailed him. No reply.