Hacktoberfest is a promotion run by DigitalOcean that runs every October in order to encourage developers to contribute to open-source projects on GitHub. By doing so, DigitalOcean will send a free T-shirt for four pull requests sent to any repository on GitHub. From the description:
Hacktoberfest® is open to everyone in our global community. Whether you’re a developer, student learning to code, event host, or company of any size, you can help drive growth of open source and make positive contributions to an ever-growing community. All backgrounds and skill levels are encouraged to complete the challenge. Hacktoberfest is a celebration open to everyone in our global community. Pull requests can be made in any GitHub-hosted repositories/projects. You can sign up anytime between October 1 and October 31.
While well-intentioned, and certainly a means to promote DigitalOcean, this year has seen more problems than in previous years. According to an update published by DigitalOcean, a social media promotion has resulted in much higher volumes of low-quality PRs being generated across multiple GitHub repositories. They have tweeted an apology but are still running the competion, encouraging those to make changes.
As the encouragement from DigitalOcean is valid for any GitHub hosted repository, there is no way for individual GitHub users or organisations to decline to be part of this challenge. The fact that it's an opt-out, rather than opt-in (like Google Summer of Code) has caused some resentment, with one disgruntled user claiming that:
For the last couple of years, DigitalOcean has run Hacktoberfest, which purports to “support open source” by giving free t-shirts to people who send pull requests to open source repositories.
In reality, Hacktoberfest is a corporate-sponsored distributed denial of service attack against the open source maintainer community.
So far today, on a single repository, myself and fellow maintainers have closed 11 spam pull requests. Each of these generates notifications, often email, to the 485 watchers of the repository. And each of them requires maintainer time to visit the pull request page, evaluate its spamminess, close it, tag it as spam, lock the thread to prevent further spam comments, and then report the spammer to GitHub in the hopes of stopping their time-wasting rampage.
A new twitter account, @s**toberfest, has been sending out messages from disgruntled open-source maintainers who are having their pull requests spammed with trivial changes.
Open-source maintainers have taken to fixing the problems themselves; a new GitHub action has been created to block known Hacktoberfest spammers, and GitHub themselves have announced temporary workaround to limit non-existing contributors from creating PRs or Issues, in a message entitled "Hacktoberfest: Help for Maintainers:"
Need to take a break, or limit which people can send a pull request to your repo?
You can now limit interactions for a period of time. Find it in your project settings › moderation settings › interaction limits.
You can set interaction limits for all public repositories in an organisation, or for a single repository.
This has obviously been implemented in a very short space of time, and its main purpose seems to be to try and defeat the Hacktoberfest spammers from polluting repositories. Unfortunately, since it needs to be done on each repository, spammers are more likely to find less well-known repositories to achieve their aims rather than stemming the flow completely.
For its part, DigitalOcean are aware of the problem (as they've noted) but are continuing to run the promotion. However, with the negative backlash that it has caused, you have to wonder whether their advertising promotion will do more harm than good.
InfoQ has reached out to DigitalOcean and will update this post upon response.