New tools for open source maintainers

We’re making it easier for maintainers to grow healthy open source communities on GitHub with minimized comments, retired namespaces for popular projects, and new pull request requirements.

Whether you want to make repository conversations more productive or keep your code safe from accidental pull requests, our new maintainer tools are for you. Minimized comments, retired namespaces for popular projects, and new pull request requirements are just a few of the ways we’re making it easier for maintainers to grow healthy open source communities on GitHub.

Here’s some more information about how they work:

Minimized comments

Developers use comments in issues and pull requests to have conversations about the software they’re building on GitHub, but not all of the comments are equally constructive. Sometimes contributors share comments that are off-topic, misleading, or offensive.

While maintainers can edit or delete disruptive comments, they may not feel comfortable doing this, and it doesn’t allow the comment author to learn from their mistake. As part of our tiered moderation tools available to project owners, maintainers can now click in the top-right corner to minimize and hide comments—in addition to editing, deleting, or reporting them.

Minimized comments will be hidden by default and labeled with the reason they were minimized, giving more space to the comments that advance the conversation. Developers who view the project can choose to temporarily expand minimized comments by clicking “Show comment”.

Learn more about minimized comments

Retired namespaces for popular projects

Many package managers allow developers to identify packages by the maintainer’s login and the project name, for example: Microsoft/TypeScript or swagger-api/swagger-codegen. This is an efficient way to describe a dependency, but sometimes maintainers delete or rename their accounts, allowing developers to intentionally or unknowingly create projects with the same name.

To prevent developers from pulling down potentially unsafe packages, we now retire the namespace of any open source project that had more than 100 clones in the week leading up to the owner’s account being renamed or deleted. Developers will still be able to sign up using the login of renamed or deleted accounts, but they will not be able to create repositories with the names of retired namespaces.
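For teams consuming dependencies by login and project name, here is an added example (not GitHub's code) that audits such references against this rule: the post only promises retirement above 100 clones in the week before a rename or deletion, so below that only a pin to a full commit ID is independent of who owns the name. The accepted spec formats, the `example-org` names, the tag and the clone counts are constructed assumptions.

```python
import re

# From the post: a namespace is retired only if the project had more than
# 100 clones in the week before its owner was renamed or deleted.
RETIRE_CLONE_THRESHOLD = 100

# owner/repo, github:owner/repo or a github.com URL, with optional #ref or @ref.
_REF = re.compile(
    r"^(?:github:|(?:git\+)?https://github\.com/)?"
    r"(?P<owner>[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?)/"
    r"(?P<repo>[A-Za-z0-9._-]+?)(?:\.git)?"
    r"(?:[#@](?P<ref>[^\s#@]+))?$"
)
_FULL_SHA = re.compile(r"^[0-9a-fA-F]{40}$")


def parse_ref(spec):
    """Return (slug, ref) for a GitHub dependency spec, or None if it is not one."""
    m = _REF.match(spec.strip())
    if not m:
        return None
    # GitHub logins and repository names are case-insensitive: normalise the slug.
    return f"{m['owner']}/{m['repo']}".lower(), m["ref"]


def audit(specs, weekly_clones):
    """Classify each login/project-name spec as 'pinned', 'retirable' or 'exposed'."""
    report = {}
    for spec in specs:
        parsed = parse_ref(spec)
        if parsed is None:
            continue  # not a login/project-name reference
        slug, ref = parsed
        if ref and _FULL_SHA.match(ref):
            status = "pinned"     # a full commit ID names content, not an owner
        elif weekly_clones.get(slug, 0) > RETIRE_CLONE_THRESHOLD:
            status = "retirable"  # name would be retired if the owner went away
        else:
            status = "exposed"    # name-only reference with no retirement promise
        report[slug] = status
    return report


# Constructed sample data: the specs, tag and clone counts are illustrative only.
SPECS = ["Microsoft/TypeScript", "github:swagger-api/swagger-codegen#v1.0.0",
         "https://github.com/example-org/small-lib.git",
         "example-org/tiny-util#" + "a" * 40, "left-pad"]
CLONES = {"microsoft/typescript": 5200, "swagger-api/swagger-codegen": 100,
          "example-org/small-lib": 12}
```

Calling `audit(SPECS, CLONES)` reports the spec with exactly 100 clones as `exposed`, because the rule requires more than 100.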

Accidental and “drive-through” pull request prevention

Popular open source projects receive lots of pull requests. While most of them are constructive, occasionally project owners receive a pull request from a collaborator who suggests changes from a stale branch or another collaborator’s fork.

Since the author can’t always respond to feedback on the proposed changes, these pull requests create noise for maintainers and do little to push the project forward.

To minimize noise, we no longer allow pull requests from contributors unaffiliated with the project or the changes proposed. Specifically, pull requests will be restricted if:

  • There’s no explanation of changes in the body of the pull request, and
  • The author is not a bot account, and
  • The author is not the owner or a member of the owning organization, and
  • The author doesn’t have push access to the head and the source branches

This should not affect automated workflows, private repositories, or repositories on GitHub Enterprise.

Learn more

If you have questions about how these tools make it easier for you to grow welcoming communities around your project, check out this guide on building open source communities or get in touch with us.

Written by

Ben Balter

@benbalter

Ben Balter is Chief of Staff for Security at GitHub, the world’s largest software development platform. Previously, as a Staff Technical Program manager for Enterprise and Compliance, Ben managed GitHub’s on-premises and SaaS enterprise offerings, and as the Senior Product Manager overseeing the platform’s Trust and Safety efforts, Ben shipped more than 500 features in support of community management, privacy, compliance, content moderation, product security, platform health, and open source workflows to ensure the GitHub community and platform remained safe, secure, and welcoming for all software developers. Before joining GitHub’s Product team, Ben served as GitHub’s Government Evangelist, leading the efforts to encourage more than 2,000 government organizations across 75 countries to adopt open source philosophies for code, data, and policy development.
