GitHub Banned All CI for Our (OSS) Org Because of Bad Drive-By Contributors
5 comments
I have to use 2FA to log in to GitHub. How are the AI bots doing it? It was supposed to block the bots.
Time-based codes (TOTP / RFC 6238) can be completely automated, that is not bot prevention by any means.
I just use my password to login to my free github account, bu it's not like 2FA stops bots anyway. It just makes it a little harder.
2FA was for the safety of your account, not to block bots.
As we'd already had plenty of reasons to move off of GitHub (downtime, a website that has gotten consistently slower due to massive increases in client-side JS without new features over the past decade, PRs that won't load once they get past 50 comments, contributors getting banned (without crypt-mining) leading to potentially-useful PRs getting black-holed, slow support, etc, etc), this is more of a warning for others than any kind of attempt to get help.
Of course Github is struggling these days with an influx in AI Agent accounts driving a huge increase in spam and other garbage, so I sympathize a lot with the folks over there. But none of that means we have to use the (historically excellent) free product they're offering, we can also...not.
For those who weren't aware, codeberg/self-hosted forgejo can import entire github repos including historical issues and PRs, comments, etc.