TechPulseTechPulse
Back to News
Advertisement
Advertisement

⚡ Community Insights

Discussion Sentiment

61% Positive

Analyzed from 2918 words in the discussion.

Trending Topics

#code#don#open#prs#llm#source#llms#maintainer#more#feature

Discussion (104 Comments)Read Original on HackerNews

boricjabout 3 hours ago
I've been on both ends of this.

As the maintainer of ghidra-delinker-extension, whenever I get a non-trivial PR (like adding an object file format or ISA analyzer) I'm happy that it happens. It also means that I get to install a toolchain, maybe learn how to use it (MSVC...), figure out all of the nonsense and undocumented bullshit in it (COFF...), write byte-perfect roundtrip parser/serializer plus tests inside binary-file-toolkit if necessary, prepare golden Ghidra databases, write the unit tests for them, make sure that the delinked stuff when relinked actually works, have it pass my standards quality plus the linter and have a clean Git history.

I usually find it easier to take their branch, do all of that work myself (attributing authorship to commits whenever appropriate), push it to the master branch and close the PR than puppeteering someone halfway across the globe through GitHub comments into doing all of that for me.

Conversely, at work I implemented support for PKCS#7 certificate chains inside of Mbed-TLS and diligently submitted PRs upstream. They were correct, commented, documented, tested, everything was spotless to the implicit admission of one of the developers. It's still open today (with merge conflicts naturally) and there are like five open PRs for the exact same feature.

When I see this, I'm not going to insist, I'll move on to my next Jira task.

eschneiderabout 3 hours ago
This seems...fine?

I know when I run into bugs in a project I depend on, I'll usually run it down and fix it myself, because I need it fixed. Writing it up the bug along with the PR and sending it back to the maintainer feels like common courtesy. And if it gets merged in, I don't need to fork/apply patches when I update. Win-win, I'd say.

But if maintainers don't want to take PR's, that's cool, too. I can appreciate that it's sometimes easier to just do it yourself.

hunterpayneabout 3 hours ago
Somehow, this seems like a serious negative consequence of LLMs to me. We should consider how security patches move through the ecosystem. Changes like this are understandable but only because PRs from LLMs are so bad and prolific. When a new exploit is discovered, the number of sites that require a change goes up exponentially due to LLMs not using libraries. At the same time, the library contributors will likely not know to change their code in view of the new exploit. This doesn't seem like healing, more like being dissolved and atomized to the point of uselessness.
bawolffabout 3 hours ago
I think every maintainer should be able to say how they want or don't want others to contribute.

But i feel like it was always true that patches from the internet at large were largely more trouble then they were worth most of the time. The reason people accept them is not for the sake of the patch itself but because that is how you get new contributors who eventually become useful.

sfjailbirdabout 3 hours ago
Given that submitters are just using LLMs to produce the PR anyway, it makes sense that the author can just run that prompt himself. Just share the 'prompt' (whether or not it is actually formatted as a prompt for an LLM), which is not too different than a feature request by any other name.
vlapecabout 3 hours ago
+1
pkulakabout 3 hours ago
Forking and coming back is what I like to do. At this very moment I've got a forked project that I'm actively using and making tiny changes to as things come up in my workflow. In another week or two, when I'm certain that everything is working great and exactly how I want it, I'll file an issue and ask if they are interesting in taking in my changes; mostly as a favor to me so I don't have to maintain a fork forever.
pncnmnpabout 3 hours ago
I have come to a similar realization recently - its what I call "Take it home OSS" - i.e. fork freely, modify it to your liking using AI coding agents, and stop waiting for upstream permissions. We seem to be gravitating towards a future where there is not much need to submit PRs or issues, except for critical bugs or security fixes. It's as if OSS is raw material, and your fork is your product.
dTalabout 3 hours ago
Won't be much "raw material" left before long, if everyone takes that view.
ncrucesabout 3 hours ago
I agree with this.

Past month or so I implemented a project from scratch that would've taken me many months without a LLM.

I iterated at my own pace, I know how things are built, it's a foundation I can build on.

I've had a lot more trouble reviewing similarly sized PRs (some implementing the same feature) on other projects I maintain. I made a huge effort to properly review and accept a smaller one because the contributor went the extra mile, and made every possible effort to make things easier on us. I rejected outright - and noisily - all the low effort PRs. I voted to accept one that I couldn't in good faith say I thoroughly reviewed, because it's from another maintainer that I trust will be around to pick up the pieces if anything breaks.

So, yeah. If I don't know and trust you already, please don't send me your LLM generated PR. I'd much rather start with a spec, a bug, a failing test that we agree should fail, and (if needed) generate the code myself.

gavmorabout 3 hours ago
> there's this common back-and-forth round-trip between the contributor and maintainer, which is just delaying things.

Delaying what?

pclowesabout 3 hours ago
Merging code
mogohabout 3 hours ago
There would be no merge if there isn't a PR in the first place.
pclowesabout 3 hours ago
This isn’t about the PR. This is about the back-and-forth.

If the maintainer authors every PR they don’t have to waste time talking with other people about their PR.

clutter55561about 3 hours ago
If they are willing to feed a bug report to their LLM, then perhaps they can also feed a bug report + PR to their LLM and not make a big fuss out it.

Also, at the point they actively don’t want collaboration, why do open source at all?

Strange times, these.

singpolyma3about 3 hours ago
Open source is about sharing and forking, not collaboration.

Collaboration is a common pattern in larger projects but is uncommon in general

clutter55561about 3 hours ago
A PR, at best, is collaboration, not a transaction.
mvvlabout 3 hours ago
This is only going to get worse with LLMs. Now people can "contribute" garbage code at 10x the speed. We're entering the era of the "read only" maintainer focused on self-defense.
vlapecabout 3 hours ago
...that assumes LLMs will contribute garbage code in the first place. Will they, though?
Advertisement
ChrisMarshallNYabout 2 hours ago
> Users telling me what works well and what could be improved can be very helpful.

That's a unicorn.

If I'm lucky, I get a "It doesn't work." After several back-and-forths, I might get "It isn't displaying the image."

I am still in the middle of one of these, right now. Since the user is in Australia, and we're using email, it is a slow process. There's something weird with his phone. That doesn't mean that I can't/won't fix it (I want to, even if it isn't my fault. I can usually do a workaround). It's just really, really difficult to get that kind of information from a nontechnical user, who is a bit "scattered," anyway.

arjieabout 2 hours ago
Realistically, there are a much larger set of things that I don't mind forking these days. It is quite a bit of effort to get to a set of things that mostly don't have bugs, but in the past I might fork a few things[0] but these days, I vendor everything, and some things I just look at the feature list and have Claude rebuild it for me. So I totally understand why actual project maintainers and authors wouldn't want input. I, as a user, am not super eager to buy in to the actual maintainers' future work. It would be super surprising that they want to buy into strangers' work.

0: I liked BurntSushi's Rust projects since they are super easy to edit because they're well architected and fast by default. Easy to write in.

dpc_0123443 minutes ago
I'm currently running on a fork of Helix text editor, which I heavily gutted to replace the block cursor with a beam-style (like one in insert mode, but just all the time). Since the maintainers are drowning in PRs (472 open ATM), I understandably don't expect them to have time for my weird ideas. Then I pile on top whatever PRs I want that I find useful out of these 472, and with a little bit of LLM help I have a very different text editor than the upstream.
arjie12 minutes ago
That's exactly the same viewpoint I have.

How do you like Helix as a starting point? Currently, I'm having Claude write a little personal text editor with CodeEditTextView as a starting point and now that I saw your comment I suddenly realized I mostly like using a modal editor and only didn't do it here because I'm moving from a webpage (where Vimium style stuff never appealed to me). Good hint that. I wonder if neovim's server mode will be helpful to me.

samuelknightabout 3 hours ago
> On top of that, there are a lot of personal and subjective aspects to code. You might have certain preferences about formatting, style, structure, dependencies, and approach, and I have mine.

Code formatting is easy to solve. You write linting tests, and if they fail the PR is rejected. Code structure is a bit tricker. You can enforce things like cyclomatic complexity, but module layout is harder.

petetntabout 2 hours ago
Luckily we have had the perfect paradigm for this kind of mindset for decades: proprietary software. The spirit of open source is already essentially dead due to it being co-opted by companies and individuals working only for their own gain, and for it to rise again we probably need a total reset.
porphyraabout 3 hours ago
Maybe instead of submitting PRs, people should submit "prompt diffs" so that the maintainer can paste the prompt into their preferred coding agent, which is no doubt aware of their preferred styles and skills, and generate the desired commit themselves.
acedTrexabout 3 hours ago
Why would anyone bother doing this, prompts are not code, they are not shareable artifacts that give the same results.
travisjungrothabout 3 hours ago
Neither are bug reports or feature requests.
freetime2about 3 hours ago
Couldn't you also just have an LLM review the PR and quickly fix any issues? Or even have it convert the PR into a list of specs, and then reimplement from there as you see fit?

I guess my point being that it's become pretty easy to convert back and forth between code and specs these days, so it's all kind of the same to me. The PR at least has the benefit of offering one possible concrete implementation that can be evaluated for pros and cons and may also expose unforeseen gotchas.

Of course it is the maintainer's right to decide how they want to receive and respond to community feedback, though.

warmwafflesabout 3 hours ago
> Couldn't you also just have an LLM review the PR and quickly fix any issues? Or even have it convert the PR into a list of specs, and then reimplement from there as you see fit?

Sometimes I'm not a fan of the change in its entirety and want to do something different but along the same lines. It would be faster for me to point the agent at the PR and tell it "Implement these changes but with these alterations..." and iterate with it myself. I find the back and forth in pull requests to be overly tiresome.

idiotsecantabout 3 hours ago
Why not just have the LLM write the PR in the first place? Because LLMs are imperfect tools. At least for the foreseeable future the human in the loop is still important
freetime2about 3 hours ago
I am assuming that, for the vast majority of code changes moving forward, the PR will be written by an LLM in the first place.
cadamsdotcomabout 2 hours ago
Yes, reviewing might take 1 hour but taking the PR and using it to guide an implementation also takes 1 hour.

Thank your contributor; then, use the PR - and the time you’d have spent reviewing it- to guide a reimplementation.

shell0xabout 2 hours ago
My coworkers just let Claude review the PR now instead of reading the code. It seems the entire contract is broken now.

Submitters use LLMs to generate the code and reviewers use LLMs to review it.

c0wb0yc0d3rabout 1 hour ago
> Submitters use LLMs to generate the code and reviewers use LLMs to review it.

This just like my favorite, “We can use LLMs to write the code and write the tests.”

jerkstateabout 3 hours ago
Thats fine, the cost for me to re-implement your code is nearly zero now, I don’t have to cajole you into fixing problems anymore.
OkayPhysicistabout 3 hours ago
This is obviously in an open source environment. You never needed to cajole them into fixing problems, you could just fix it yourself. That was always an option. That's literally the entire point of open source.
charcircuitabout 3 hours ago
People doing work doing work that you can take for free to make money off of is another big point of open source you can't ignore.
torvoborvoabout 3 hours ago
It seems like quite a tower of babel just waiting to happen.. All those libraries that once had thought go into tangled consequences of supporting new similar features and once had ways to identity for their security updates needed will all just be defective clones with 5%-95% compatibility for security exploits and support for integrations that are mostly right but a little hallucinated?
Lercabout 3 hours ago
I think it's more likely that libraries will give way to specified interfaces. Good libraries that provide clean interfaces with a small surface area will be much less affected by thos compared to frameworks that like to be a part of everything you do.

The JavaScript ecosystem is a good demonstration of a platform that is encumbered with layers that can only ever perform the abilities provivded by the underlying platform while adding additional interfaces that, while easier for some to use, frequently provide a lot of functionality a program might not need.

Adding features as a superset of a specification allows compatibility between users of a base specification, failure to interoperate would require violating the base spec, and then they are just making a different thing.

Bugs are still bugs, whether a human or AI made them, or fixed them. Let's just address those as we find them.

tshaddoxabout 3 hours ago
The cost of forking open source code was always effectively zero.
marctaabout 3 hours ago
It's not really, because you now have the cost of maintaining that fork, even if it's just for yourself.
bawolffabout 3 hours ago
Which is still true in our brave new llm world.
pydryabout 3 hours ago
Given the supposed quality of top flight models there ought to be a lot more people forking open source projects, implementing missing features and releasing "xyz software that can do a and b".

Somehow it's not really happening.

jaggederestabout 3 hours ago
I've actually been doing this for my own purposes - an adhoc buggy half-implemented low latency version of Project Wyoming from home assistant.

Repo, for those interested: https://github.com/jaggederest/pronghorn/

I find that the core issues really revolve around the audience - getting it good enough that I can use it for my own purposes, where I know the bugs and issues and understand how to use it, on the specific hardware, is fabulous. Getting it from there to "anyone with relatively low technical knowledge beyond the ability to set up home assistant", and "compatible with all the various RPi/smallboard computers" is a pretty enormous amount of work. So I suspect we'll see a lot of "homemade" software that is definitely not salable, but is definitely valuable and useful for the individual.

I hope, over the long to medium term, that these sorts of things will converge in an "rising tide lifts all boats" way so that the ecosystem is healthier and more vibrant, but I worry that what we may see is a resurgence of shovelware.

philipkglassabout 3 hours ago
I have already forked open source software to fix issues or enhance it via coding agents. I put it on github publicly, so other people can use it if they see it, but I don't announce it anywhere. I don't want to deal with user complaints any more than the current maintainers do. (I'm also not going to post my github profile here since it has my legal name and is trivially linked to my home address.)
LostMyLoginabout 3 hours ago
Because it still requires the desire to do it.
_verandaguyabout 3 hours ago
This is an unethical take, and long-term and at scale, an unsustainable/impractical one. This kind of mindset results in tool fragmentation, erosion of trust, and ultimately worse quality in software.
GaryBlutoabout 3 hours ago
So you're saying people forking open source software is "unethical"? What is open source then? Just a polite offer that it is rude to accept?

As a sidenote: what's with the usage of "take" to designate an opinion instead of the word "opinion" or "view"?

igorzukabout 1 hour ago
Bugs aside, code generated by an LLM is NOT more trustworthy than a drive-by PR, you should review them just as closely. The slop machine doesn't care, it will repeat whatever pattern it found on the Internet no matter who originally wrote it and with what intent. There have been attacks poisoning LLMs with malicious snippets and there will be many more.
Mathnerd314about 3 hours ago
The author sounds like he actually responds to feature requests, though. Typical behavior I'm seeing is that the maintainer just never checks the issue tracker, or has it disabled, but is more likely to read PR's.
Advertisement
mactavish88about 3 hours ago
Great example of how to set boundaries. The open source community is slowly healing.
bawolffabout 3 hours ago
I don't think this is an example of setting boundries. Usually a boundry would be stopping people from making you do work you don't want to do.

This is just a change in position of what work is useful for others to do.

woeiruaabout 3 hours ago
I agree with this mindset. Instead of submitting code diffs, we should be submitting issues or even better tests that prove that bugs exist or define how the functionality should work.
vicchenaiabout 3 hours ago
had the same realization last year after getting a few obviously AI-generated PRs. reviewing them took longer than just writing it myself. maybe the right unit of contribution is going back to being the detailed bug report / spec, not the patch
krickabout 3 hours ago
It's good that he is upfront about it, but this surely shouldn't be taken as a general advice, since everybody has his own preferences. So this really shouldn't be a blogpost, but rather a "Contributing Guidelines" section in whatever projects he maintains.
caymanjimabout 3 hours ago
I firmly believe the author's stance should be the default policy of just about every open source project. I don't even write my own code anymore, I sure as hell don't want to deal with your code.

Give me ideas. Report bugs. Request features. I never wanted your code in the first place.

acedTrexabout 3 hours ago
If i do the work for a feature im usually already using it via fork, i offer the patch back out of courtesy. Up to you if you want it I'm already using it.
gueloabout 3 hours ago
It's interesting that this is the opposite of Steve Yegge's conclusion in his Vibe Maintainer article where he says he's merging 50(!) contributor PRs a day.

https://steve-yegge.medium.com/vibe-maintainer-a2273a841040

lou1306about 3 hours ago
> On top of that, there are a lot of personal and subjective aspects to code. You might have certain preferences about formatting, style, structure, dependencies, and approach, and I have mine.

95% of this is covered by a warning that says "I won't merge any PR that a) does not pass linting (configured to my liking) and b) introduces extra deps"

> With LLMs, it's easier for me to get my own LLM to make the change and then review it myself.

So this person is passing on free labour and instead prefers a BDFL schema, possibly supported by a code assistant they likely have to pay for. All for a supposed risk of malice?

I don't know. I never worked on a large (and/or widely adopted) open-source codebase. But I am afraid we would've never had Linux under this mindset.

xantronixabout 3 hours ago
I'm with the author here; I don't really feel like dealing with people's PRs on my personal projects. The fact that GitHub only implemented a feature to disable PRs in February is absolutely baffling to me, but I'm glad it's there. Just because a project's source code is made available to the public under a permissive license does not mean the maintainer is under any obligation to merge other people's changes.

It feels like a lot of people assume a sense of entitlement because one platform vendor settled on a specific usage pattern early on.

OkayPhysicistabout 3 hours ago
> 95% of this is covered by a warning that says "I won't merge any PR that a) does not pass linting (configured to my liking) and b) introduces extra deps"

Maybe I'm not up to date with the bleeding edge of linters, but I've never seen one that adequately flags

    let out = []
    for(let x of arr){
      if(x > 3){
        out.append(x + 5)
      }
    }
Into

   let out = arr
             .filter(x => x > 3)
             .map(x => x + 3)
There's all sorts of architectural decisions at even higher levels than that.
well_ackshuallyabout 3 hours ago
Indeed, yours has both more allocations and a bug (+3 instead of +5)
stavrosabout 3 hours ago
No. When code is cheaper to generate than to review, it's cheaper to take a (well-written) bug report and generate the code yourself than to try to figure out exactly what the PR does and whether it has any subtle logical or architectural errors.

I find myself doing the same, nowadays I want bug reports and feature requests, not PRs. If the feature fits in with my product vision, I implement and release it quickly. The code itself has little value, in this case.

teachabout 3 hours ago
I definitely trust my local LLM where I know the prompt that was used. Even if the code generated ends up being near-identical, it'll be way faster to review a PR from someone or something I trust than from some rando on the Internet
vatsachakabout 2 hours ago
LLM psychosis
tonymetabout 2 hours ago
PRs come from your most engaged community members. By banning PRs you won’t get more contributions, you will discourage your (current and future) most active members.
cmrdporcupineabout 2 hours ago
Yes I feel very much like what I really want from people is very detailed bug reports or well thought through feature requests and even well specified test scenarios [not in code, but in English or even something more specified]

I know my code base(s) well. I also have agentic tools, and so do you. While people using their tokens is maybe nice from a $$ POV, it's really not necessary. Because I'll just have to review the whole thing (myself as well as by agent).

Weird world we live in now.

Advertisement
yieldcrvabout 3 hours ago
I like how fast this is changing

The fact-of-life journaling about the flood of code, the observation that he can just re-prompt his own LLM to implement the same feature or optimization

all of this would have just been controversial pontificating 3 months ago, let alone in the last year or even two years. But all of a sudden enough people are using agentic coding tools - many having skipped the autocomplete AI coders of yesteryear entirely - that we can have this conversation

grebcabout 3 hours ago
Why bother having a public repository?
clutter55561about 3 hours ago
My thoughts exactly.