Document procedure or tips for handling spam contributions on GitHub repositories #3403

Open
kingcomma opened this issue Jan 20, 2023 · 5 comments

Comments

@kingcomma
Member

As a maintainer of an open source GitHub repository, I want guidance on how I should respond to spam or disconcerting contributions (comments, issues, pull requests, etc.) from unknown users. Who, if anyone, should be notified of concerning activity? What moderation tools are recommended? Should the user be reported to GitHub? Etc.

Background

Multiple 18F teams have experienced these types of contributions. Without a documented procedure, these teams are left to make their own decisions about how to respond on an ad-hoc basis. This new content would ideally systematize future responses.

Pages

Suggest adding this to the existing GitHub page, potentially in the "tips" section: https://handbook.tts.gsa.gov/tools/github/#tips

@kingcomma kingcomma changed the title Document procedure or tips for handling spam comments on GitHub repositories Document procedure or tips for handling spam contributions on GitHub repositories Jan 20, 2023
@kingcomma
Member Author

Note: this type of issue is relevant for any open source repository host (GitHub, GitLab, Gitea, etc.), but the handbook currently only has a page devoted to GitHub.

@echappen
Contributor

Raising my hand to look further into this.

When moderating open source activity, I like having a code of conduct to reference, so that it doesn’t appear that I’m making decisions unilaterally.

TTS has a COC, and we should report offenders who are part of TTS through TTS’s reporting structure. But of course, open source projects can have offenders outside of TTS.

To account for all scenarios, do we have a version of the TTS COC that is suitable for open source work? If not, I propose that we create one. Among other things, this COC would clarify:

  • who has the right and responsibility to enforce standards on open source platforms
  • what these enforcers can and cannot do
  • contact information for people outside of TTS to report behavior
  • anything else I’m missing?

As for who, if anyone, should be notified of concerning activity—I’m not sure, but am willing to look into it. To me, a purpose of reporting activity to the rest of TTS is to identify patterns of behavior across the org and to preemptively warn others of ongoing activity.

@kingcomma
Member Author

kingcomma commented Jan 26, 2023

Pulling some examples of contributing guidelines and codes of conduct from other 18F open source projects:

@echappen
Contributor

Thanks! It looks like some of these pull from the Contributor Covenant, which I was going to suggest pulling from.

Do we think it's necessary to have One COC to Rule Them All, or leave it up to teams to create their own?

@annepetersen
Member

digital.gov or USWDS may have some relevant resources
