[edwcross]

The patch itself is indeed worse than useless, it's the kind of rephrasing just to say "I did something", but which actually makes it worse (adds useless words and English mistakes). If the "kid" is ready to send this kind of useless "contribution" (which takes some deliberate effort), they surely are ready for being reprimanded (or, more likely, they will be actually proud of it).

[vesinisa]

Either way, it's pointless to "reprimand" the perpetrator. This could have just as well been a deliberate spam attack eg. someone using the @-mention to promote their scam-coin or penis enlargement product (and some people in the thread seem to have already used the opportunity to promote their band etc.) Telling a spammer they are doing an evil thing is obviously useless as they are well aware of it. This should be viewed and handled as a security / access control failing on Epic's part - that this was ever possible was a mistake and only a question of timing when someone would stumble upon the vulnerability. Whether their purposes for exploiting it are nefarious, sincere or even accidental is irrelevant.

[edwcross]

On the one hand, I agree that paying attention to the spammer is bad; on the other, I do believe there might be some use in publicly stating that such PRs will never be merged and are frowned upon; hopefully other people reading (many of them likely beginner programmers) will get the message. But there's likely a better way to do the "teaching" without drawing any attention to the perpetrator.

[kevincox]

Reprimanding for the useless PR and rude tone makes sense.

But tagging half a million people was clearly an accident that should be better protected against.