Ladybird browser founder Andreas Kling bans public pull requests, citing low-quality AI-generated contributions

In PufferLib, we just ignore PRs that are not also brought up in the discord or dev streams

@charliermarsh i wonder if it makes sense to encourage ppl to fork and add the change vs submit PRs.

Approval processes can be messy, take time, and a fork+prompt gets you your fix much faster.

@charliermarsh @steipete I don’t blame them at all. Open source is becoming a shit show with people blasting AI-generated PRs and security reports without having a clue about what they’re doing.

https://ladybird.org/posts/changing-how-we-develop-ladybird/

@tison1096 @charliermarsh It's easier for me to just write a better prompt than to review a poorly prompted PR.

@charliermarsh @steipete Main site 😭

Damn, what a turn around

@charliermarsh @grok what is the discussion for?

@tison1096 @charliermarsh I suspect we will head towards many-fork tooling. Less centralized maintenance, and users fork and maintain their own forks as needed. AI tooling makes merging pretty easy.

GH PRs, by default, allow maintainers to make revisions to the dev branch. Or you can fork that dev branch anyway.

When you turn off the PR tab on GH, people can still share patches on the Internet. Tag a PR as AI-Gen, or auto-close it, is logically the same. There is no technical barrier, but it's more of a social decision.

@jlchnc @charliermarsh Motivation for opening PR is complicated IMO: wanting to contribute to something bigger, CV filler, actual bug pain point, etc.

@charliermarsh For critical infrastructure projects this honestly makes sense.

I also have basically zero trust on any public PR now, and manually validate whatever looks actually interesting

@jlchnc @charliermarsh So switch to an issue only model for open source projects and encourage people to link their forks in issues/comments rather than blasting PRs?

@Rockarmy321 @charliermarsh i like this idea too its a lot harder to write a good issue IMO

@charliermarsh I don't handle a huge project such as Ladybird, so I can't know exactly how they feel. But I kinda see this as an excuse not to review PRs. There are already tools to mitigate slop; why not adopt those? With this move, Ladybird is no longer an open source project.

@charliermarsh I love public pull requests

@charliermarsh I created something specifically for this issue. Will only get better over time

@charliermarsh It’s a bummer, but honestly, managing public PRs at that scale sounds like a total nightmare.

the math has flipped. drive-by PRs used to net out positive because review was cheap and trust was cheap. AI-assisted PRs invert both. you spend more time auditing intent than reading code, and a malicious commit shaped like a friendly one is now trivial to generate. closing the door to public PRs is rational defense, not regression.

@charliermarsh Public PRs made sense when review was scarce but human-shaped. With AI, maintainers need a different intake contract: reproducible issue, ownership, and proof, not just more patches.

@charliermarsh not sure 'changing rapidly' holds. sqlite has never taken prs and runs on basically every device alive. is this dynamics shifting or just more projects choosing a model that always existed?