We’re big fans of what Hacktoberfest represents, but maybe it’s time to rethink the model. The burden falls primarily on maintainers, as Domenic Denicola outlines in this post – going as far as to describe Hacktoberfest as “a corporate-sponsored distributed denial of service attack against the open source maintainer community.”

For the last couple of years, DigitalOcean has run Hacktoberfest, which purports to “support open source” by giving free t-shirts to people who send pull requests to open source repositories.

In reality, Hacktoberfest is a corporate-sponsored distributed denial of service attack against the open source maintainer community.

So far today, on a single repository, myself and fellow maintainers have closed 11 spam pull requests. Each of these generates notifications, often email, to the 485 watchers of the repository. And each of them requires maintainer time to visit the pull request page, evaluate its spamminess, close it, tag it as spam, lock the thread to prevent further spam comments, and then report the spammer to GitHub in the hopes of stopping their time-wasting rampage. … The rate of spam pull requests is, at this time, around four per hour. And it’s not even October yet in my timezone.

This screenshot of issues on whatwg/html labeled as spam was taken moments before posting this.