armish / blast-patrol

A quick dirty hack to make sure code on GitHub uses BLAST the right way
Apache License 2.0
6 stars 0 forks

Your bot is spam #2

Open ar0ch opened 5 years ago

ar0ch commented 5 years ago

Please don't open issues in an automated fashion. Doing so is spam, and winds up with you being reported to GitHub for it.

armish commented 5 years ago

Hi Aroon (@ar0ch),

Please feel free to report my use case to GitHub and I am more than happy to defend the rationale behind this approach to them. Note that I am NOT

and I am

I am already getting comments back from authors that this might indeed be an issue with their tool. If you are calling this spam, GitHub's automated vulnerability notification issues are also spam. I appreciate your comment/issue here but unfortunately you are missing the point.

All the best,

tsibley commented 5 years ago

People can opt into or out of GitHub's vulnerability notifications. The same is not true when you inject yourself en masse into the projects of strangers.

armish commented 5 years ago

@tsibley: thank you for your valuable comment but I disagree. I am sorry that your case was one of the edge cases but this spamming en masse has already led to some corrections or helpful discussions in multiple projects. If 10 out of 600 repositories I notified are true hits, I am ready and happy to face this spam's consequences (cf. https://github.com/tsibley/Workflows-and-Parallel-Processing/issues/1). As I mentioned earlier, if you feel like I am violating GitHub's API regulations, please go ahead and report my action as spam and I will be happy to resolve this case with GitHub folks.

Technically you have the option to turn the issues off on your repo to not let this happen. Do know that I already apologized in my issue about this approach not being that smart. I am not hiding behind a pseudo account so this is me taking action regarding a potentially terrible misunderstanding of a very commonly used tool.

If you'd like to be more constructive the next time, I invite you to improve this method via submitting a non-spammy approach as a PR to this repo and I would love to work on such a tool in a collaborative manner. These types of common misuses are going to be more and more common and this type of a notification system will be a huge need.

I will re-open this issue and let people comment what they think about this.

tsibley commented 5 years ago

> Technically you have the option to turn the issues off on your repo to not let this happen.

Yes, and technically I also have the option of not using email so that I can't receive spam. :roll_eyes:

> Do know that I already apologized in my issue about this approach not being that smart.

If you have to apologize in advance for something, you're often better off not doing it in the first place.

armish commented 5 years ago

> If you have to apologize in advance for something, you're often better off not doing it in the first place.

Oh, then I am glad that I did it, as my edge case apology only applies to 2 out of 600 somethings.

armish commented 5 years ago

From Avery of GitHub:

Hi there,

My name is Avery, and I'm part of the GitHub User Policy team.

I'm reaching out following reports from other GitHub users that you may be using automated measures to open unsolicited issues in other users' repositories. Many users find such unsolicited contact to be disruptive, and as such, it may go against the prohibition against spam in our Terms of Service.

We ask that activity of this sort be opt-in only, meaning users would specifically need to request to be part of your project prior to receiving communications from you. Keep in mind that we do consider this spammy behavior, and should we receive further reports, we may need to flag your account. We'd rather not, of course, as we hope for your cooperation!

We appreciate your attention to this matter, and your help in making GitHub a good experience for all of our users. If you have any questions or concerns about this notice, please let us know.

All best,

Avery

From me:

Hi Avery,

Thank you so much for your note -- I appreciate GitHub's interaction with users and also your understanding about this issue. I will do my best to stick with the TOS and not initiate spam behaviors.

Having said this, I really need your help to better understand my options here: the reason I did this automation (https://github.com/armish/blast-patrol) is because of a serious misunderstanding in one of the most commonly used scientific software packages and my goal here was to warn people against this misuse case. I ended up creating ~600 issues -- a majority of these repositories are not even maintained but > 50 of these issues led to corrections (a really huge scientific win). I made a few people angry and kindly encouraged them to contact you to report my use case (https://github.com/armish/blast-patrol/issues/2) with the hope of starting a conversation with you.

This type of misuse is not an isolated issue and thanks to GitHub's service, more and more scientific software developers are making their code available and therefore, it is getting easier and easier to identify such widespread issues across multiple repositories. This is similar to GitHub's automated vulnerability/security warnings but as you can imagine, there is no way for me to reach out to all of these people up-front and ask whether they want to be part of this type of notification (since the only information I have on them is their public GitHub repos).

I am really interested in building on this use case and coming up with a legit way to warn people about potential serious misuse cases. This could change the way we do computational science in the long term and would greatly be appreciated by fellow scientists. I was wondering if there is a right way to do this with your help. I would appreciate any pointers or words of wisdom for me.

Thank you so much!

armish commented 5 years ago

From Avery of GitHub:

Hi Arman,

Thanks again for providing this detailed explanation. While we appreciate your goal of helping the scientific community, unfortunately, your current approach does go against the prohibition against spam in our Terms of Service. In order to make your service opt-in, you may want to consider creating a GitHub App, which you can learn more about at the following link:

https://developer.github.com/apps/about-apps/

You may also want to take a look at the GitHub Marketplace to see how developers have created apps to achieve similar goals:

https://github.com/marketplace/category/security

Thanks again for your cooperation, and please let us know if you have any other questions.

All best,

Avery

From me:

Thank you for taking the time to discuss this use case, Avery. Noted the use of GitHub Apps. I will try to make good use of this and be a good GitHub citizen as much as I can.

Best,

peterjc commented 5 years ago

I’m not convinced by some of the claims in Shah et al. 2018. I’ve written on the bit about BLAST database order with -max_target_seqs & friends, https://blastedbio.blogspot.com/2018/11/blast-max-alignment-limits-repartee-two.html

acesnik commented 3 years ago

There's also a response to the letter in the same journal that was clarifying: https://academic.oup.com/bioinformatics/article-abstract/35/15/2699/5259186?redirectedFrom=fulltext