Quoting Andreas Kling

📰 Simon Willison's Blog

Learn why a project stopped accepting public pull requests and how to evaluate code contributions in a similar context

intermediate Published 5 Jun 2026
Action Steps
  1. Evaluate your project's security requirements
  2. Assess the potential risks of public pull requests
  3. Consider implementing alternative contribution methods
  4. Develop a clear policy for code contributions
  5. Communicate the policy to your community
Who Needs to Know This

Developers and project maintainers can benefit from understanding the reasoning behind this decision to improve their own project's security and contribution policies

Key Insight

💡 The assumption that substantial patches imply good faith no longer holds, and project maintainers must prioritize security and accountability

Share This
🚫 No more public pull requests? Learn why and how to adapt your project's contribution policy

Key Takeaways

Learn why a project stopped accepting public pull requests and how to evaluate code contributions in a similar context

Full Article

We will no longer accept public pull requests. [...] A substantial patch used to imply substantial effort, and that effort was a reasonable proxy for good faith. That assumption no longer holds. [...] Whether code was typed by hand is beside the point. What matters is who is responsible for it once it enters the browser. Ladybird is becoming a browser for real users. The people introducing changes to
Read full article → ← Back to Reads