Collection of heated/controversial github discussions
Find a file
Nick2bad4u 80adddf880 Adds detailed context to dramatic GitHub interaction list
Expands the curated collection of controversial GitHub events with concise, informative summaries for each entry. Improves clarity, historical context, and discoverability by elaborating on key incidents, technical debates, and community reactions across a wide range of open source projects.
2025-05-30 15:04:22 -04:00
_config.yml Update _config.yml 2025-05-30 13:54:27 -04:00
CONTRIBUTING.md Move contributing guidelines to separate file 2024-12-15 22:05:57 +05:00
README.md Adds detailed context to dramatic GitHub interaction list 2025-05-30 15:04:22 -04:00

GitHub Drama Logo

github-drama 🌩️

Curated Collection of Notorious GitHub Drama & Controversies
📰 Subscribe for Updates · 🤝 Contribute

PRs Welcome License Stars


📑 Table of Contents


🧐 About

github-drama is a curated, community-driven archive of the most dramatic, controversial, and memorable moments in GitHub and open source history. This project aims to document and preserve links to heated discussions, infamous issues, and legendary pull requests for posterity and learning.

⚠️ Purpose: This repository is for educational and historical reference only. It is not intended to harass or target any individual or group.

For contributing guidelines, see CONTRIBUTING.md.


🌳 Phylogenetic Tree


🎭 Drama Archive

This is a curated collection of "dramatic" GitHub interactions.

Actix

Albertodemichelis

  • albertodemichelis/squirrel/pull/67
    • A pull request to remove a redundant assert(0) statement to fix a GCC6 warning led to a lengthy debate about compiler behavior, code correctness, and whether the assert should remain for safety.

Alex313031

Ambv

  • ambv/black/issues/118
    • A heated debate erupts over Black's strict formatting rules, with users arguing about code style enforcement and the project's "opinionated" approach. The thread becomes a battleground for code formatting philosophies.

Audacity

Angular

Ansible

  • ansible/ansible/issues/10530
    • Users are surprised by the appearance of "cowsay" ASCII art in Ansible output, enabled by default if the cowsay binary is present.

Ant Design

PhantomJS

ASP.NET

Atom

AUTOMATIC1111

Ayo.js

Badges

Bitwarden

  • bitwarden/clients/issues/11611
    • Bitwarden's desktop version 2024.10.0 introduced a proprietary SDK, making it impossible to build the client without it.

Bower

Logary

  • causiq/logary/issues/345
    • Logary introduced a licensing model that required commercial IIS/Kestrel users to pay fees, sparking debate over fairness and F# ecosystem support.

Chrisaljoudi/uBlock

  • Ownership transfer/donations drama
    • /pull/1517
    • /issues/1153
    • A contributor accused the maintainer of soliciting donations for work done by others.

CleverRaven/Cataclysm-DDA

Cloudflare/Wildebeest

Crablang/Crab

  • crablang/crab/issues/14
    • Cataclysm-DDA added an option to switch gender mid-game, sparking debate over whether it should be locked behind debug or an autodoc procedure.

CVarisco/community-story

Daeuniverse/Dae

Deepseek-ai/DeepSeek-LLM

Dear-Github/Dear-Github

Delgan/Loguru

  • Delgan/loguru/issues/563
    • Loguru's use of pickle for exception serialization was flagged as a security risk by a user's company.

Django

Docker

Doktornotor/Pfsense-Still-Closedsource

  • doktornotor/pfsense-still-closedsource
    • A repository was created to document claims that pfSense falsely advertises itself as open-source, arguing that key components are not publicly available.

Dominictarr/Event-Stream

Dotnet

Dotnet-Foundation/Home

EpicGames/Signup

Facebook

  • facebook/react/issues/10191
    • A user request for Facebook to re-license React from the BSD+Patents license to a more permissive license like Apache 2.0, following RocksDB's example.

Facebookresearch/Llama

Fasterthanlime

Feodor2/Mypal

GitHub DMCA

Golang

  • golang/go
    • /issues/21956 ** A proposal suggested removing the Google logo from the Go website
    • /issues/33021 ** A user advocated for moving Go's development workflow entirely to GitHub.

Google/googletest

GoogleCloudPlatform/Click-to-Deploy

Greatsuspender/Thegreatsuspender

Homebrew

Lllyasviel/Stable-Diffusion-Webui-Forge

Indutny/Node-ip

Iperov/DeepFaceLive

  • iperov/DeepFaceLive/issues/41
    • A user argued that DeepFaceLive should cease development, claiming the technology is primarily used for scams and deception.

Irungentoo/Toxcore

Jashkenas/Underscore

Jdm-Contrib/Justdelete.me

Jguer/Yay

Joyent/Libuv

  • joyent/libuv/pull/1015
    • A pull request proposed replacing a gendered pronoun with a neutral alternative in Joyent's libuv repository.

Jquery/Download.jqueryui.com

JuliaLang/IJulia.jl

Katharostech/Bevy_retrograde

Keepassxreboot/KeePassXC

Kenwheeler/Slick

  • kenwheeler/slick/issues/681
    • A user reported that swiping left or right on linked images in the Slick slider would activate the link, which was considered undesirable behavior. The user compared it to RoyalSlider, which required a tap to activate the link.

Kmmbvnr/Django-Jenkins

  • kmmbvnr/django-jenkins/issues/349
    • A user suggested moving the tutorial to ReadTheDocs to make it easier for contributors to edit and fix typos. The user even set up a ReadTheDocs project and offered to help migrate the documentation.

Kraih/Mojo

  • kraih/mojo/issues/656
    • A user criticized the project's practice of instructing users to run curl get.mojolicio.us | sh, citing security concerns about piping untrusted network data directly to a shell, use of HTTP without TLS, and multiple redirects.

Ksh93/Ksh

Ldapjs/Node-Ldapjs

Lerna/Lerna

  • /pull/1616
    • Lerna maintainers added a clause to the MIT license banning use by companies and organizations that collaborated with US Immigration and Customs Enforcement (ICE), including Microsoft, Amazon, Palantir, and others.
  • /pull/1619
    • Many users and contributors objected, arguing that the new license was no longer MIT, violated open source principles, and created legal and compliance confusion. Automated license checkers and companies relying on Lerna were affected.
  • /issues/1622
    • At least one contributor requested removal of their code from the project, condemning the politicization of open source.
  • /issues/1625
    • Same complaints as issue 1619 above.
  • /issues/1628
    • Users requested that any license change be released as a major version bump to avoid breaking builds.
  • /issues/1630
    • Some called for the removal of the maintainer responsible for the change, citing Code of Conduct violations and unprofessional behavior.
  • /pull/1631
    • here were attempts to remove specific companies (e.g., Microsoft) from the blacklist, with debate about the accuracy and fairness of the list.
  • /issues/1632
    • Same complaints as issue 1619 above.
  • /pull/1633
    • The Lerna team reverted the license change, restoring the original MIT license. The maintainer responsible for the controversial change was removed from the project.

Marak/Colors.js

  • In early 2022, the maintainer of colors.js and faker.js, Marak Squires, intentionally corrupted the codebases of both libraries. He introduced infinite loops and nonsensical output, causing widespread breakage for projects and applications that depended on these popular npm packages.

Mdn/Yari

Microsoft

  • Microsoft/Terminal/issues/10362

    • A user reported that Windows Terminal had extremely slow performance when processing virtual terminal sequences, especially with per-character color codes, resulting in a 40x slowdown.
  • Microsoft/TypeScript/pull/3622

    • This pull request introduced intersection types to TypeScript. While the technical discussion was extensive, it also became contentious. Several users expressed confusion and frustration over the conceptual model and terminology, especially those coming from statically typed language backgrounds.
  • Microsoft/vscode

    • /issues/32405
    • /issues/54261
    • /issues/191229
      • Summary: A Chinese company created a fork of VSCode named CEC-IDE, but claims all credit done for it as a "Chinese Home-grown IDE", violating the MIT license.
  • Microsoft/vscode - Santa hat drama

  • microsoft/vsmarketplace/issues/1114

    • The PlatformIO IDE extension, with over 4.5 million installs, was suddenly removed from the Visual Studio Marketplace.
  • microsoft/vsmarketplace/issues/1168

    • A user reported that the popular "Material Theme" extension was deleted from the marketplace due to alleged malicious activity, possibly by Microsoft.
  • Microsoft/web-build-tools/issues/673

    • This issue concerns a license compliance question about whether Microsoft's Rush project was derived from Lerna, following public claims by a Lerna maintainer.

Mishoo/UglifyJS2

  • mishoo/UglifyJS2/issues/2054
    • A user reported that installing uglify-js@2.8.28 via npm resulted in files with a timestamp of December 31, 1969, which is a classic Unix epoch issue.

Moment/Moment

  • moment/moment/issues/1407
    • Moment.js deprecated constructing dates from non-ISO strings due to unpredictable behavior across browsers, especially with legacy formats and the JavaScript Date constructor.

Moq/Moq

Moxystudio/Node-Cross-Spawn

  • moxystudio/node-cross-spawn/pull/102
    • A user proposed removing the nice-try dependency, arguing it was unnecessary and contributed to dependency bloat for a package used by thousands of projects.

MrGlockenspiel/Activate-Linux

MrMEEE/Bumblebee-Old-and-Abbandoned

NanoAdblocker/NanoCore

NationalSecurityAgency/Ghidra

Nextcloud/Android

  • Unintentional synchronization of all files

Nextcloud/Server

NixOS/Foundation

NixOS/Nixpkgs

  • NixOS/nixpkgs/issues/4952

    • A frustrated user details their struggles building Emacs and SBCL on NixOS, criticizing the project's documentation, package management, and the complexity of the Nix language.
  • NixOS/nixpkgs/pull/381817

    • A PR to disable telemetry by default in the devenv package is merged without maintainer consent, triggering a heated debate.

Nixxquality/WebMConverter

Nodejs/Inclusivity

Nodejs/Node

  • /issues/3721
    • A proposal to replace the use of "suicide" as a verb in the Node.js codebase leads to a sensitive discussion about language, mental health, and the impact of terminology in open source projects.
  • /pull/4765
    • Microsoft proposes enabling Node.js to run on the ChakraCore JavaScript engine, sparking a massive, technically complex debate about cross-engine support, project scope, maintenance burden, and the risk of ecosystem fragmentation.

Nodejs/Readable-Stream

  • nodejs/readable-stream/pull/238
    • A PR to inline a trivial isArray function instead of depending on a tiny npm package ignites a surprisingly intense debate about micro-dependencies, licensing, copyright, and the philosophy of code reuse.

Nodejs/TSC

  • nodejs/TSC/issues/8
    • A Node.js TSC member temporarily bans a user for making an inappropriate comment in the inclusivity repo.

Npm/Npm

  • npm/npm/issues/19883
    • A user opens an issue to report that npm's package-lock.json is being automatically updated even when running npm install --no-save, which they argue is unexpected and undesirable behavior.

Obsproject/Obs-Studio

  • obsproject/obs-studio/pull/2868

    • A long-running and heated pull request to add AppImage support to OBS Studio for Linux devolved into a major conflict between the AppImage developers and OBS maintainers.
  • obsproject/obs-studio/pull/10043

    • Single JSON change that adds another streaming service rejected by maintainer with zero commits in the last few days, citing not meeting unspecified requirements.

Oerdnj/Deb.sury.org

  • archive.ph
  • archive.org
    • A user reported that the PHP APT GPG key was unavailable over IPv6, leading to a protracted and increasingly hostile discussion.

Omnivore-App/Omnivore

Opal/Opal

OpenBB-Finance/OpenBBTerminal

Opencart/Opencart

  • opencart/opencart/pull/219
    • A user submitted a bugfix for a checkout issue affecting customers without predefined addresses. The maintainer dismissed the fix.
  • opencart/opencart/issues/1269
    • A user reported that OpenCarts password hashing was insecure, providing technical details and recommendations.
  • opencart/opencart/issues/1534
    • A security researcher reported a PHP object injection vulnerability after a failed attempt to contact the maintainer privately.
  • opencart/opencart/pull/1594
    • A contributor pointed out cryptographic flaws in OpenCarts encryption implementation.
  • opencart/opencart/issues/3834 (archive: 1, 2)
    • A user urged OpenCart users to switch to OpenCart-CE, a community-driven fork, due to the original projects lack of updates and security patches.

OpenTTD/OpenTTD

Orgs/Community

  • orgs/community/discussions/65343
    • Major user backlash against GitHubs feed redesign, with hundreds of comments criticizing the removal of chronological order, algorithmic curation, and lack of user control.

Palantir/Tslint

  • /issues/4132
  • /issues/4140
  • /issues/4141
    • Jamie Kyle (jamiebuilds) posted issues denouncing Palantir employees for their work with ICE, asking them to stop using his tools and calling the company racist. The issues were highly political, provocative, and sparked debate about ethics, open source, and company conduct.

P-H-C/Phc-Winner-Argon2

PiotrGrochowski/Consolas

Pkgxdev/Pantry

  • pkgxdev/pantry/issues/5358
    • User criticized the use of AI-generated, inaccurate, or nonsensical package descriptions on the pkgx.dev site, expressing concern about trust and suggesting using real metadata instead.

PolyMC/PolyMC

  • /commit/ccf2825
    • The commit deleted the CODE_OF_CONDUCT.md file with a commit message referencing reclaiming the project from "leftoids."
  • /issues/656
    • User accused PolyMC maintainers of abusing GitHub takedown requests to suppress forks, arguing this violates the GPLv3 and calling for adherence to open source principles.

Portainer/Portainer

  • portainer/portainer/issues/8452
    • Summary:
      • Portainer developers add an obnoxious e-begging button and call the built-in begware a new feature, not a bug.
      • Kubernetes users install ad blockers in their development environment to suppress the nagware.
      • The community then creates new ad-free forks and Docker images.

PowerShell/PowerShell

  • PowerShell/PowerShell/pull/1901
    • A user proposed removing the curl and wget aliases from PowerShell due to confusion and incompatibility with the real tools.

Prettier/Prettier

Probonopd

Projecthamster/Hamster

Promises-Aplus/Promises-Spec

Ptsteadman/Notebook

Pyca/Cryptography

  • pyca/cryptography/issues/5771
    • Users raised concerns about the project's increasing reliance on Rust dependencies, especially regarding platform support and installation difficulties.

Pypa/Pipenv

  • pypa/pipenv/issues/1050
    • Longstanding requests for supporting multiple python_version values in Pipfile remain unresolved.

P0deje/Maccy

  • p0deje/Maccy/issues/482,
    • archive.is,
    • archive.org,
    • ghostarchive
    • Some users can't figure out why they can't copy or paste with the clipboard manager and can't find any fix. Several people with the problem complain, and the problem is widespread due to the Ventura update. Finally, after much struggle, the issue is closed.

Qbittorrent/QBittorrent

  • qbittorrent/qBittorrent/issues/9407

  • qbittorrent/qBittorrent/issues/18618

    • Summary:
      • Without first consulting the qBittorrent developers privately, an alt account publicly disclosed a path traversal vulnerability by opening a GitHub issue in February 2023. (Coordinated Vulnerability Disclosure, CVD, Wikipedia)
      • One GitHub user responded, "That doesn't respect my freedom™ to use a better client." Many reacted to the reply with a thumbs-down emoji. (Source)
      • Another GitHub user commented, "What is your problem with using civilized language?" A qBittorrent maintainer marked the comment as abuse. (Source)

Rails/Rails

  • rails/rails/commit/b83965785db1eec019edf1fc272b1aa393e6dc57
  • /issues/5228
    • Mass assignment vulnerabilities, where developers forget to use attr_accessible or attr_protected, allowing attackers to set protected attributes via crafted HTTP requests.
  • /pull/5329
    • This PR proposed making the request.xhr? predicate method return a strict boolean (true/false) instead of “truthy” values like 0 or nil.
  • /issues/9894
    • A bug where callbacks on ActiveRecord.where(...).create inherit the where clause, leading to unexpected behavior.

Raivo-Otp/Ios-Application

Redis

  • redis/redis/pull/13157
    • Redis Inc. submitted a pull request to change the Redis databases license from the open-source BSD 3-Clause to the Redis Source Available License (RSAL) and Server Side Public License (SSPL).

Redis-Rs

  • redis-rs/redis-rs/issues/1419
    • Following Rediss license change, the maintainer of the popular Rust client redis-rs opened an issue to discuss the projects future. The issue revealed that Redis Inc. had contacted the maintainer, pressuring them to change the crates name and branding due to trademark concerns.

Resque/Resque

Restic

  • restic/issues/1786
    • A user requested that restic, a backup tool, allow repositories to be created with empty passwords.

RIAEvangelist/Node-ipc

Rms-Open-Letter

  • rms-open-letter
    • In March 2021, an open letter was published calling for the removal of Richard Stallman (RMS) from leadership positions in the Free Software Foundation (FSF) and related organizations, following his return to the FSF board.

RupertBenWiser/Web-Environment-Integrity

Robertdavidgraham/Masscan

  • robertdavidgraham/masscan/issues/482
    • This issue was opened to request the removal of "master/slave" terminology from the Masscan codebase, citing the terms as outdated and offensive.

Rollup/Rollup

Rubocop/Rubocop

SerenityOS/Serenity

  • SerenityOS/serenity/pull/6814
    • Hobbyist OS developer rejects inclusivity documentation changes PR, people of gender raid the comments three years late.

Signalapp/Signal-Android

  • signalapp/Signal-Android/issues/8974
    • Signal developers removed a passphrase and forced users to use a fingerprint. User claims that they received money from secret service for reducing a privacy of their app.

Snarfed/Bridgy-Fed

Spatie/Laravel-Newsletter

Spring-Projects/Spring-Hateoas

Standard/Standard

Stevemao/Left-Pad

  • stevemao/left-pad/issues/4
    • The infamous left-pad incident: the package is unpublished, breaking thousands of builds and sparking widespread discussion about npm's package management and the fragility of the ecosystem.

Strongloop/Loopback

  • strongloop/loopback/issues/1079
    • Controversy erupts when users discover the package phones home via optionalDependencies, causing slow installs and privacy concerns.

Syl20bnr/Spacemacs

Systemd/Systemd

  • systemd/systemd/issues/1143
    • A user reports that setting the system date far in the future causes systemd to get stuck printing "Time has been changed" repeatedly, leading to confusion and jokes about time travel bugs.
  • systemd/systemd/issues/2402
    • Mounting efivarfs read/write by default allows accidental deletion of EFI variables, resulting in bricked hardware.
  • systemd/systemd/issues/5644
    • A bug in tmpfiles allows a specific glob pattern to recursively delete the root directory, prompting alarm over the potential for catastrophic data loss.
  • systemd/systemd/issues/5755
    • A user requests that systemd-resolved select DNS servers in a round-robin fashion, but the actual behavior differs.
  • systemd/systemd/issues/6237
    • Systemd fails to handle usernames starting with a digit, causing privilege escalation and service failures.
  • systemd/systemd/issues/6259
    • A follow-up to the previous issue, this thread debates whether usernames starting with digits should be allowed, referencing standards and real-world usage.
  • systemd/systemd/issues/6369
    • A bug is reported where systemd's hostnamed mishandles FQDNs with trailing dots, leading to incorrect hostname settings and confusion over DNS conventions.

Tc39/Proposal-Cancelable-Promises

Telegramdesktop/Tdesktop

  • telegramdesktop/tdesktop/issues/96
    • A long-standing request for spellchecking support in Telegram Desktop gathers hundreds of comments, with users expressing frustration over the lack of progress and maintainers citing technical challenges.

Tenacityteam/Tenacity

  • tenacityteam/tenacity/issues/99 (archive.org, archive.is)
    • Tenacity, an Audacity fork, is an easy-to-use multi-track audio editor and recorder. A GitHub user named Cookiengineer was the leader and one of the developers of Tenacity.
    • Some 4chan users doxxed and attempted to murder Cookiengineer in a coordinated attack campaign in July 2021. (source: theregister 2021)
    • Cookiengineer quit after the harassment and stabbing from the 4chan users. (source: issues/99)

Tiangolo/Fastapi

  • tiangolo/fastapi/issues/3273
    • A user complains that the FastAPI documentation's "Concurrency and async/await" section uses too many emojis, making it distracting and hard to read.

Tip4commit/Tip4commit

  • tip4commit/tip4commit/issues/127
    • Mitsuhiko requests the removal of all their repositories from Tip4commit, objecting to third-party sites "gamifying" their projects.

Tj-Actions/Changed-Files

Todogroup/Opencodeofconduct

Tootsuite/Mastodon

Torvalds/Linux

Twbs/Bootstrap

  • twbs/bootstrap/issues/3057
    • A user reports that missing semicolons in bootstrap-dropdown.js cause minification errors in Firefox.

Twitter/Scrooge

  • twitter/scrooge/issues/222
    • A user points out that the project's build status icon shows a failing build, suggesting it should be fixed or removed

ValveSoftware/Source-1-Games

Vcflib/Vcflib

  • vcflib/vcflib/issues/206
    • A frustrated user reports that the vcf2tsv tool fails to separate per-allele records with newlines, resulting in jumbled output. They also complain about the random reordering of INFO fields.

VHSgunzo/Lutris-Wine

Vimeo/Player.js

Voat/Voat

Ultralyics/Ultralytics

Webpack/Webpack-Cli

  • webpack/webpack-cli/issues/1612
    • A user reports that importing fs/promises works with TypeScript but fails with Webpack, triggering a "Can't resolve 'fs/promises'" error.

WhisperSystems/Signal-Android

WICG/Interventions

  • WICG/interventions/issues/18
    • A heated debate erupts over Chrome's intervention to block synchronous XHR requests during page dismissal (e.g., in unload/beforeunload events).

WinampDesktop/Winamp

Xenia-Canary/Xenia-Canary

  • xenia-canary/xenia-canary/pull/180
    • Summary
      • One of developers of Xenia, an Xbox 360 emulator, added an anti-feature that plays loud noises when loading ISO images, together with nagging messages about "piracy".
      • Said developer revealed to be a Discord moderator that happened to get tired of people asking for support without proving an ownership of the game.
      • After backlash, the developer nukes his account with other contributors cleaning up the mess later.
    • Journalism

Yuzu-Emu/Yuzu

Zedeus/Nitter

  • zedeus/nitter/issues/983
    • Users report that Nitter, a privacy-focused Twitter/X frontend, has stopped working due to changes or blocks implemented by Twitter/X.

Zenparsing/Es-Observable

Zloirock/Core-js


See also