scanoss / purl2cpe

PURL to CPE Relationship mapping project.
MIT License
77 stars, 20 forks

Improper language detected #24

Closed VegaDeftwing closed 1 month ago

VegaDeftwing commented 1 month ago

Dear @scanossdev I hope this message finds you well. From ScanOSS, we are constantly reviewing open source code and noticed the use of language that could be considered vulgar or inappropriate on one of your repositories. As you have marked your project as Open Source, it's important to maintain a professional and respectful tone throughout the codebase. We kindly ask that you refrain from using such language and update your submission accordingly. The next table summarizes our detections:

https://github.com/scanoss/purl2cpe/blob/f052433bfab42fb51d9758af6aaaf5974ce2142e/data/the_fuck_project/the_fuck/cpes.yml#L2

Your contributions are valuable to all OSS community, and we appreciate your understanding and cooperation in this matter. If you have any questions or need assistance, please feel free to reach out.

Thank you for your attention The ScanOSS Team www.scanoss.com


Clearly, I'm being facetious here, but your (now deleted) bot's comments really rubbed me the wrong way, and blindly deleting it without an apology (assuming you did so, and it wasn't just nuked due to GH TOS violations from reports) isn't cool. I hope you guys have learned your lesson about how your product can have negative consequences too. What you did with that bot was definitively in opposition to the ethos of open source and maker/hacker culture, and you owe everybody whose repositories had an issue opened a direct and sincere apology.

Architector4 commented 1 month ago

Dear @VegaDeftwing I hope this message finds you well. From ScanOSS, we are constantly reviewing open source code and noticed the use of language that could be considered vulgar or inappropriate on one of your issues. As you have marked your issue as Open, it's important to maintain a professional and respectful tone throughout the description. We kindly ask that you refrain from using such language and update your submission accordingly. The next table summarizes our detections:

https://github.com/scanoss/purl2cpe/blob/f052433bfab42fb51d9758af6aaaf5974ce2142e/data/the_fuck_project/the_fuck/cpes.yml#L2

Your contributions are valuable to all OSS community, and we appreciate your understanding and cooperation in this matter. If you have any questions or need assistance, please feel free to reach out.

Thank you for your attention The ScanOSS Team www.scanoss.com

Firepal commented 1 month ago

Dear @Architector4: I hope this message finds you well. From ScanOSS, we are constantly reviewing open source code and noticed the use of language that could be considered vulgar or inappropriate on one of your repositories. As you have marked your project as Open Source (https://github.com/scanoss/purl2cpe), it's important to maintain a professional and respectful tone throughout the codebase. We kindly ask that you refrain from using such language and update your submission accordingly. The next table summarizes our detections:

https://github.com/scanoss/purl2cpe/blob/f052433bfab42fb51d9758af6aaaf5974ce2142e/data/the_fuck_project/the_fuck/cpes.yml#L2

Your contributions are valuable to all OSS community, and we appreciate your understanding and cooperation in this matter. If you have any questions or need assistance, please feel free to reach out.

Thank you for your attention The ScanOSS Team www.scanoss.com

jkmartindale commented 1 month ago

Dear @Architector4 I hope this message finds you well. From ScanOSS, we are constantly reviewing open source code and noticed the use of language that could be considered copypasta on one of your comments. As you have marked your profile as "doing random things", it's important to maintain sufficient entropy throughout your online communication. We kindly ask that you refrain from using such language and update your submission accordingly. The next table summarizes our detections:

Dear @VegaDeftwing I hope this message finds you well. From ScanOSS, we are constantly reviewing open source code and noticed the use of language that could be considered vulgar or inappropriate on one of your issues. As you have marked your issue as Open, it's important to maintain a professional and respectful tone throughout the description. We kindly ask that you refrain from using such language and update your submission accordingly. The next table summarizes our detections:

https://github.com/scanoss/purl2cpe/blob/f052433bfab42fb51d9758af6aaaf5974ce2142e/data/the_fuck_project/the_fuck/cpes.yml#L2

Your contributions are valuable to all OSS community, and we appreciate your understanding and cooperation in this matter. If you have any questions or need assistance, please feel free to reach out.

Thank you for your attention The ScanOSS Team www.scanoss.com

Your contributions are valuable to all OSS community, and we appreciate your understanding and cooperation in this matter. If you have any questions or need assistance, please feel free to reach out.

Thank you for your attention The ScanOSS Team www.scanoss.com

VegaDeftwing commented 1 month ago

Oh! Looks like I still had my response to your bot open, so here were my raw, unfiltered, and (oh no!) vulgar original thoughts, before I toned it down to comment here:

@scanoss

OOPS! Did I swear in my own repo? My bad.

Cursing, and how the open source community represents itself, are - and I cannot stress this enough - not a business-polite thing. You're welcome to fork (within my license terms) and remove them, but given part of open source and a healthy hacker ethos is the counter-culture vibe that made the technology I'm sure even you yourselves use possible, you can

๐ŸŽ€ ๐‘”o ๐’ป๐“Š๐’ธ๐“€ ๐“Žo๐“Š๐“‡๐“ˆ๐‘’๐“๐“‹๐‘’๐“ˆ ๐ŸŽ€

What you're doing is not helpful to the OSS community, it's helpful to your business partners that profit off open source, and given the trend in industry, do so typically without giving back. You want to do something meaningful? Drop a recurring sponsorship of my website so I can take more time to write guides and cool things using whatever 🎀 𝒻𝓊𝒸𝓀𝒾𝓃𝑔 🎀 language I choose to best convey my intent and feelings.

That project was https://github.com/VegaDeftwing/opinionatedguide in case you're interested in fucking sponsoring me <3 I would really fucking appreciate it!

DarkKirb commented 1 month ago

also for a more general comment, we share code on github because we think it might be useful for others.

we do not share it so that it becomes part of the software supply chain where we would have to follow random professional standards with none of the compensation.

You might also be appalled by the amount of swearing in some corporate code, potentially even your codebase

tamius-han commented 1 month ago

I'll also join the bandwagon, but without parodying their copy-pasta.

I hope this message finds you well. From ScanOSS, we are constantly reviewing open source code and noticed the use of language that could be considered vulgar or inappropriate on one of your repositories. As you have marked your project as Open Source [...]

Dear ScanOSS:

  1. Where can you see a LICENSE.MD stating that this is a proper open-source project? That's right, there isn't one, therefore this project isn't really open source. It's merely a source-available thing that's there purely to prove to the public that my project does exactly what it says it does on the AMO and CWS listings, and nothing otherwise nefarious or malicious.
  2. This is MY spaghett, and I'll use whatever language I feel is appropriate
  3. Given my project isn't some enterprise-grade software, but a side project I'm working on in my free time, there's no need to keep my code more sterile than a BSL-4 lab
  4. While I agree that words and phrases the sole and only purpose of which is to offend or spread hate towards a specific demographic are perhaps not something you should do in your code, there's objectively absolutely nothing wrong with using mildly spicy language to refer to potential problem spots and code of questionable quality.

it's important to maintain a professional and respectful tone throughout the codebase.

If you believe so, you're welcome to maintain what you perceive to be a "professional and respectful" tone throughout your codebase. In my codebase, I am the one who gets to decide what's appropriate and "professional and respectful" enough. Not you. If I want my project to have an "I built this in my garage" vibe instead of giving off the "I wrote that in a sunless cubicle with nothing but an 8000K fluorescent lamp above my head and HR standing behind me" impression — that's entirely up to me, and you don't get the right to harass me by having your bot file automated issues on my repositories and wasting my time.

Don't ever try to force your opinions on my codebase again, especially not by using automated tools that I haven't opted into using. My GitHub issues exist for users to report broken features, not for you to police things you frankly have no right policing.

We kindly ask that you refrain from using such language and update your submission accordingly.

I kindly ask you to stop acting with the authority you don't have, and to stop spamming my repositories.

VegaDeftwing commented 1 month ago

Hey @agustingroh it looks like you're the most frequent committer on SCANOSS repos, thought I'd nudge this to get some attention brought to it. Still awaiting an apology myself, though at this point needing to ask for it makes it rather moot personally, it would still be nice for everyone else SCANOSS spam'd.

juliancoccia commented 1 month ago

We recently conducted a brief experiment involving contributions to a small set of repositories. Our intentions were to gather insights, but we recognize this was misinterpreted by some community members. We sincerely apologize for any confusion or concern this may have caused. Moving forward, we will be more transparent about our processes and engage more closely with repository maintainers before taking similar actions. Thank you for your understanding as we work to improve our approach. Closing this issue.

DarkKirb commented 1 month ago

I do have two questions I want to have answered:

juliancoccia commented 1 month ago

@DarkKirb as I expressed earlier, this was an experiment and won't be repeated. No action required at your end. We are sorry for the inconvenience.

Firepal commented 1 month ago

same vibe, though this swearbot wasn't so bad: https://www.theverge.com/2021/4/30/22410164/linux-kernel-university-of-minnesota-banned-open-source

Firepal commented 1 month ago

it just seems strange to not mention anywhere in the sent messages that this was an experiment. "we are constantly reviewing open source code" led me to believe this was a routine thing that wouldn't halt.

it's easy to "misinterpret" because it is literally impossible to interpret it as the experiment it was from its messages

DarkKirb commented 1 month ago

Vega has asked me to relay this here since you have blocked further communication:

engage more closely with repository maintainers before taking similar actions

this was an experiment and won't be repeated

So, which is it?

We sincerely apologize for any confusion or concern this may have caused. Not apologizing for the spam? Not for over 2 weeks to respond? but for "confusion". I wasn't confused. I was angry. I knew what had happened. You had chosen my repository for a test of your bot, a bot which violated GH TOS, without my consent.

Now, I have two comments that say "This comment was marked as abuse." from your team, presumably strikes on my account. Strikes originating from me replying to you doing something that was a TOS violation so bad you got an account nuked from GitHub.

This isn't an acceptable resolution. When things like this happen it shows if a business and company cares, is this how you want the FOSS community to know SCANOSS?

I'd also like to add that neither of us here has signed up for any experiments by your company. It's unwarranted and arguably unethical for you to subject us to these experiments. I would like to ask again if there was a method to stop further unwarranted contact from your company, or if you are putting mechanisms into place for this to not happen again, for any future product of yours.

juliancoccia commented 1 month ago

Hi @DarkKirb,

The terms of service of Github (and the Open Source license of your choice under which your contribution was released), openly allow contributions from other users. Therefore, people looking at contributing to your project don't really need your consent before issuing a PR. You always have the right to accept or reject contributions at your discretion.

Our experiment was based on issuing automatic contributions to some components using bad language (detecting and suggesting the removal of such language). The purpose? Contributing to the adoption of those Open Source components. For your information, bad language is banned in most organizations and, therefore, if you are interested in having adoption of your Open Source, it is good practice to avoid such language.

We really don't need to put any mechanisms in place for this not to happen again. This isn't something we do on a regular basis and, as I mentioned, anyone could contribute to any repo as long as it adheres to Github's ToS.

If you are not willing to receive contributions from the community, if you are not interested in your Open Source contribution gaining adoption, or if you prefer people to sign special agreements to make contributions, perhaps you are better off closing down your repository, making it private.

Hope this helps. Ciao!

DarkKirb commented 1 month ago

Our experiment was based on issuing automatic contributions to some components using bad language

Automated spamming is against the github acceptable use policy which you have agreed to and also understood as being disruptive under contribution guidelines many projects adopt.

Contributing to the adoption of those Open Source components.

I am not interested in this. Should you be appalled by the use of the word “fuck” in production codebases, you are free to use other code or alter it to taste. I am however not interested in receiving issues filed about this as this is not an issue with the software or its documentation.

While yes you are allowed by the GitHub terms of service to file issues about this, doing so in a bulk and spammy way is against the acceptable use policy of GitHub. Combine that with how you have labeled this as an “experiment”, which typically requires consent from the participants, and I do not believe this is a legitimate use case for the GitHub API.

DarkKirb commented 1 month ago

I should also add, if I was sending bulk advertising email to your email server you'd be in your right to block it. You wouldn't have to accept it just because I said it was an experiment, or because you might want to purchase the products in the advertisements. In fact this would actually be illegal and against the terms of service of whatever provider I was using.

sigg-mund commented 1 month ago

Vega has asked me to relay this here since you have blocked further communication:

I really like how their (ScanOSS') words say one thing, but their actions speak the exact opposite. (Except Julian's most recent comment, which was made while I was writing this comment, outright makes it clear the initial "apology" was dishonest and insincere).

And the rest is aimed at Julian (and the rest of ScanOSS):

We really don't need to put any mechanisms in place for this not to happen again. This isn't something we do on a regular basis and, as I mentioned, anyone could contribute to any repo as long as it adheres to Github's ToS.

Automated spamming like your "experiment" is against GitHub's ToS. Opening meaningless issues — which is another category your "inappropriate language detected" spam belongs to — is likewise against GitHub's ToS.

(and the Open Source license of your choice under which your contribution was released)

Several of the repositories you spammed were not released under any open source license, as indicated by the lack of LICENSE.MD in said repositories. The default github license gives you the right to view and fork repositories, but as per this helpful page, you aren't free to reproduce, distribute, or create derivative works in public repos outside of Github when the repo doesn't contain a LICENSE.md granting you those rights.

This is something that every programmer needs to be aware of, especially if they're working for a company that only releases proprietary products. Julian — as a CTO of your organization per your bio, you should be very well aware of this.

If you are not willing to receive contributions from the community,

We are often willing to accept meaningful contributions from the community. Meaningful contributions being:

These are the three main categories of contributions we are interested in, and your language policing (aka "we found this naughty word that offends nobody in particular") fits neither. It is, by any metric, NOT a meaningful contribution — so don't get too mad when people ask you to stop, apologize, and commit to never ever doing it again. GitHub seems to agree — if your spamming were not a violation of GitHub ToS, your spamfest wouldn't get your @scanoss-sentry-bot account restricted.

Consider this: even GitHub's own dependabot is something you have to actively opt in to. If you don't, dependabot will leave your repositories alone — even though dependabot is far more useful than your "experiment."

Furthermore:

If you are not willing to receive contributions from the community, if you are not interested in your Open Source contribution gaining adoption, or if you prefer people to sign special agreements to make contributions, perhaps you are better off closing down your repository, making it private.

This is outright bad logic and a very offensive suggestion. Just because people are not willing to accept contributions — especially useless spam like your language policing — that doesn't mean we should mark our repos as private. Some people want to throw out their code as a "hey I did this. Use this if you want, but don't bother me with issues," and that's completely valid. Some people put their code, with public visibility, on a trusted platform as a matter of transparency. You should stop acting as if that were an invalid use case for GitHub, because it's really not.

Yes, I am writing this on a throwaway account.

sigg-mund commented 1 month ago

Oh, and one more thing. This was brought up by DarkKirb already, but:

The purpose? Contributing to the adoption of those Open Source components. For your information, bad language is banned in most organizations and, therefore, if you are interested in having adoption of your Open Source, it is good practice to avoid such language.

Yeah. Many of us share our code for other people to see, and are wholly uninterested in being free labour for large corporations. If we had interest in our code being adopted outside of whatever niche community we are a part of, we would already conduct ourselves accordingly.

Our conduct in our own repositories is not your business. It's our business, and ours alone.

soatok commented 1 month ago

Software that uses profanity has measurably better code quality than software without swear words.

https://cme.h-its.org/exelixis/pubs/JanThesis.pdf

gilesbowkett commented 1 month ago

we recognize this was misinterpreted by some community members

this is not an apology, and not an appropriate response.

you angered the community by telling people how to talk.

what you did was wrong and you need to apologize.

nobody misinterpreted anything except you.

arp242 commented 1 month ago

If you are not willing to receive contributions from the community

You are not "part of the community" or "sending contributions" @juliancoccia. Lots of people release things on GitHub because "here's this cool thing I made for myself, and maybe it's useful for others too so enjoy, and maybe we can make something nice together", and your unsolicited opinions on what language I should or should not use in my own bloody repo is not appreciated. That's not "contributing", or being part of any "community".

What the GitHub ToS does or doesn't say is completely beside the point. No one said you're not legally allowed, they said it's not appropriate. We're not a wankdoll for you to experiment on.

As an opt-in tool it's fine. In my own organisation I typically avoid such language in code and commits exactly because the plan is to open source it. But not every project is the same. I apply different standards to my personal "it was useful for me, and maybe for you too" projects, and I don't need your suggestions.

This is no different than offering unsolicited suggestions that "actually, foo_id would be better written as fooId" or "actually, spaces are better than tabs". As a regular contributor and member of the community that's a fine discussion to start. As a drive-by comment/commit from a bot: absolutely not.

It baffles me how you can think that was a good idea in the first place, never mind defend it like that.

valbaca commented 1 month ago

Friendly reminder that Github has mechanisms to report spam and abuse. Report and let GH decide if it's in their terms

Firepal commented 1 month ago

@valbaca in my experience these kinds of kerfuffles are generally dealt with amongst ourselves, e.g. without considering platforms too much. that would've been an interesting action to take, though its effectiveness as protest seems questionable imo

valbaca commented 1 month ago

True and normally would encourage that among actors (actual contributors?) working in good faith, but the question of "acceptable use" was being discussed, and rather than debate among each other what is acceptable use on GH, just let GH decide.

C0rn3j commented 1 month ago

If you are not willing to receive contributions from the community, if you are not interested in your Open Source contribution gaining adoption, or if you prefer people to sign special agreements to make contributions, perhaps you are better off closing down your repository, making it private.

Hope this helps. Ciao!

So... are you going to reopen this and actually fix the problematic file which is still there?

https://github.com/scanoss/purl2cpe/blob/main/data/the_fuck_project/the_fuck/cpes.yml

Or maybe you'd like to make this repository private?

kebokyo commented 1 month ago

Insert comment jumping on the brigade here

also y'all made it to hacker news congrats

Maffsie commented 1 month ago

For what it's worth, I'd like to know what part of abusing GitHub's search feature to search for profanity, then filing an automated issue requesting adherence to a language policy that nobody involved in the “experiment” agreed to (never mind that using an open community as subjects in an experiment is an unethical practice first and foremost), what part of this was “gathering insights”? Not here from orange website, I've been following this issue since it was first opened by Vega.

0n1cOn3 commented 1 month ago

Hi! 🙂

I hope this message will arrive in good shape.

I have a few things to say, as I also cannot accept this as an apology. 😒

We recently conducted a brief experiment involving contributions to a small set of repositories.

Something similar was written on the WEF website in 2020 because of the corona pandemic, just with another scalability. It was just an "experiment" to see how what where XYZ. Something like this is also not welcome in the FOSS community and is commented on and "exploited" accordingly.

Thank you for your understanding as we work to improve our approach.

You don't have to understand something like that. This has to do with ethics and morals. And the boundaries have clearly been crossed here. Anyone can write their project in their own words as they please.

There are plenty of developers who do this in their spare time without being employed in this field. And those who are, know the Code of Conduct and its provisions on how to interact/write with the code.

So to open an issue tab and then challenge for a "fix" to the language is really absurd and surreal. Isn't it enough that the LQGTB groups are trying to put down projects just because their gender is not recognized?

A lot has already been said here, so I don't need to repeat it myself. However, as mentioned here:

https://github.com/scanoss/purl2cpe/issues/24#issuecomment-2386707419

https://github.com/scanoss/purl2cpe/issues/24#issuecomment-2385965260

https://github.com/scanoss/purl2cpe/issues/24#issuecomment-2385711856

https://github.com/scanoss/purl2cpe/issues/24#issuecomment-2386048847

Sincerely, 0n1cOn3

DarkKirb commented 1 month ago

You may want to inform Quique Goñi, one of your employees, that someone is using their name to defame others online: https://news.ycombinator.com/item?id=41735407

soatok commented 1 month ago

This reminds me of this letter of note.

I feel you should be aware that some asshole is signing your name to stupid letters.

DarkKirb commented 1 month ago

@scanoss-qg

jacklinke commented 1 month ago

https://news.ycombinator.com/item?id=41735407

Wow. His post is full of paternalistic, egotistical bullshit. Very much "you'd be prettier if you smiled more" vibes.

What I see is a group of disgruntled individuals who have been reprimanded for their use of vulgar language.

Really? Who the hell are the employees of scanoss to reprimand anyone?

For a company using 'OSS' in its name and claiming to contribute to the community, you are incredibly tone-deaf. And doubling down by trying to justify your shitty bot and its shitty behavior & abuse does nothing to improve your image in the community you pretend to be part of. 🙄

sigg-mund commented 1 month ago

The HN comment got flagged and isn't visible, so I'll take the liberty of pasting it over and adding some commentary.

Honestly, I see no valid reason for users to be upset. What I see is a group of disgruntled individuals who have been reprimanded for their use of vulgar language.

Reprimanded how, @scanoss-qg? While being spammed by "how dare you use profanity in your repo?" is highly annoying, it doesn't really count as reprimand as it doesn't carry any other negative consequences (except for being majorly annoyed at an entity that tries to pretend it has authority over our repos when they really have none).

Except maybe Vega, who got blocked for politely asking your company to make a statement, and used a relatively tame naughty word in a relatively inoffensive context a grand total of 4 times ... which is a lot less severe violation than your spam. By several orders of magnitude.

These same individuals have made comments that range from violating the code of conduct of an open project to falsifying information, impersonation, and even extortion.

While using naughty words might be a violation of your CoC ...

... are 'falsifying information', 'impersonation', and 'extortion' in the room with us right now?

For the sake of free software, I hope SCANOSS takes legal action against these individuals or their guardians

https://www.youtube.com/watch?v=4NLy3mMkuLU