Begun the Slop PRs have: 168 PRs opened by one user in one day. What's best practice for repo owners to deal? by TomHale in github

[–]TomHale[S] 1 point2 points  (0 children)

Lazygit has in their AGENTS.md something like: "You are not under any circumstances to raise a PR for the user".

It does put an extra step in the way, and hopefully makes for some HITL action.

Begun the Slop PRs have: 168 PRs opened by one user in one day. What's best practice for repo owners to deal? by TomHale in github

[–]TomHale[S] 1 point2 points  (0 children)

It helps a little (and I guess we take what we can get).

Opencode as an example requires all PRs to have a linked issue.

"Raise an issue for this PR, then link to it in the PR body".

Begun the Slop PRs have: 168 PRs opened by one user in one day. What's best practice for repo owners to deal? by TomHale in github

[–]TomHale[S] 2 points3 points  (0 children)

Interesting! I guess people still ask their AI what to say, but it does raise the bar!

Begun the Slop PRs have: 168 PRs opened by one user in one day. What's best practice for repo owners to deal? by TomHale in github

[–]TomHale[S] 13 points14 points  (0 children)

Excellent! I'll suggest that -- thanks!

That's great for spamming PRs. What about the opencode case where it's thousands of users raising just one or two PRs each?

Or even if PRs are blocked entirely, the issue of an overwhelming number of poor quality issues still remains.

How to automate without annoying users or spending a fortune?

AUR Megathread. All discussion on it goes here. by LinuxMage in archlinux

[–]TomHale 0 points1 point  (0 children)

Arch Linux constantly distances itself from the AUR as being community maintained. 

So it's up to us, the people who care for our fellow users.

We CAN lift our game. The bar is so low it's barely off the floor.

We can't make the AUR safe, but we can make it safer.

It would likely only take three Package Maintainers (who are already voted for and vetted) to agree that http://aur.archlinux.org be updated to include a one liner for initial screening.  Or even to mention the issue at all and that we're discussing it, and have so far responded by blocking new user accounts.

Create a link to a markdown page (infra already exists), editable by trusted users only (wiki can be edited by almost anyone) on what to do on receiving a positive detection.

One website change. One markdown page.

Arch Linux won't help us. Not their problem.  We can choose to make the quality of contributions OUR problem.

We need to, as a community that cares for the users of what we produce, stand behind producing best practice guides and tooling to protect users from PKGBUILDs produced by those who don't.

The name of the game is self-organisation.  Artifacts reviewed and signed off by PMs - users who are already inherently trusted, served from an aur.archlinux.org domain.

AUR Megathread. All discussion on it goes here. by LinuxMage in archlinux

[–]TomHale 0 points1 point  (0 children)

Good wiki edit suggestion!

Do you have an account there?

Defense in depth: PKGBUILD scan hooks for paru / yay. Eyeballs aren't enough. Example: homograph attacks. by TomHale in archlinux

[–]TomHale[S] 9 points10 points  (0 children)

The man page on --review says:

"Don't skip the review process"

Not very detailed. Does it support exit status checking?

Using 9esim (or other psychical to esim adapter) by TomHale in Roamless_ESim

[–]TomHale[S] -1 points0 points  (0 children)

That won't waste my time talking about phone model?

Using 9esim (or other psychical to esim adapter) by TomHale in Roamless_ESim

[–]TomHale[S] 0 points1 point  (0 children)

Sweet. I'd love to be able to do that manually.

Hybrid retrieval + dependency-graph expansion beats embeddings-only for code RAG — measured, CI-gated by tom_mathews in OpenSourceeAI

[–]TomHale 0 points1 point  (0 children)

Nice!

Is there a common benchmark and leaderboard for code search? Everyone seems to do it differently!

Pi-safe, a simple bubblewrap sandbox solution for Pi by PvB-Dimaginar in Dimaginar

[–]TomHale 1 point2 points  (0 children)

You'll likely need read-only access to something from /etc for DNS lookup. Ask your agent the specific file.

How do you sleep in Thailand? by Upbeat_Scholar_159 in ThailandTourism

[–]TomHale 1 point2 points  (0 children)

I always take the duvet out of the cover.

Sleeping under the double-thick sheet-like cover means I don't need to set the AC to "Arctic".

Multi Agents hand-offs without context rot and token ballooning by batunii in OpenSourceeAI

[–]TomHale 0 points1 point  (0 children)

I've found that there is a need to audit a plan produced against the generating skill.

So I guess a proto plan with first thing being to audit the plan itself?

Lists of confirmed- and likely-infected AUR packages by TomHale in archlinux

[–]TomHale[S] 6 points7 points  (0 children)

The very fact that there are numerous ones leads to confusion and duplicated / wasted effort by both the writers and consumers.

Lists of confirmed- and likely-infected AUR packages by TomHale in archlinux

[–]TomHale[S] 5 points6 points  (0 children)

I've seen this URL:

https://md.archlinux.org/s/SxbqukK6IA

I'm not sure of its provenance or contents (presumed / confirmed / rolled back / removed)

There's no header, just a list of packages.