问HN:有人在一个拉取请求中提交了超过2万行代码,导致我的持续集成和人工智能工作流程耗尽。
嗨,HN,
我正在维护一个开源项目,几天前有人提交了一个拉取请求(PR),自那时起,该PR中增加了超过2万行代码。提交者有两个新账户,但他们没有提供联系方式,仅提供了用户名。
PR链接:[https://github.com/srbhr/Resume-Matcher/pull/497](https://github.com/srbhr/Resume-Matcher/pull/497)
账户:
1. [https://github.com/lololop67](https://github.com/lololop67)
2. [https://github.com/ririyoungG](https://github.com/ririyoungG)
我还从PR中发现,他们在某个地方托管了这个项目,但没有任何数据免责声明。由于这个项目是一个AI简历生成器,托管项目的账户可以轻易提取私人数据,比如电话号码、电子邮件和地址,并将其用于恶意目的、诈骗等。这让我更加担忧。 :(
我从来没有打算让这个项目收费。我的目标是提供一个本地优先的替代方案,以取代一些在线简历生成器,而这些账户却在做完全相反的事情,并且他们将其托管在:[https://gojob.ing/](https://gojob.ing/)
我尝试在PR中评论他们正在开发的功能,但到目前为止还没有收到任何回复。
我该怎么做呢?
查看原文
Hi HN,
I'm maintaining an OSS project, and someone raised a PR a few days earlier, and since then, 20K+ LoC has been added to the PR. There are two new accounts, but they lack details on how to contact them, only providing usernames.<p>PR: https://github.com/srbhr/Resume-Matcher/pull/497<p>Accounts:
1. https://github.com/lololop67
2. https://github.com/ririyoungG<p>I've also found out from the PR that they're hosting the project somewhere, without any data disclaimer. Since this project is an AI resume builder, the accounts hosting the project can easily extract private data, such as phone numbers, emails, and addresses, and use it for malicious purposes, scams, etc. And that's what I'm more worried about. :(<p>I never intended to paywall this project. My goal was to provide a local first alternative to some online resume builders, and the accounts are doing the exact opposite, and they've hosted it at: https://gojob.ing/<p>I've tried commenting on the PR about the features they're working on, but I haven't received any replies so far.<p>What am I supposed to do here?