Let's be real: If someone's hammering our repos with legit downloads, we'll happily absorb the hit—that's the open-source tax.
But here's the spicy meatball: This clown isn't downloading squat. Their script exclusively blasts hub APIs while avoiding resolve APIs like a vampire dodging garlic bread. Translation: zero actual data transfer, maximum resource sabotage.
Even if we charitably assume it's some botched script stuck in a retry hellscape (we've all been there), we're talking 1000+ calls in 2 minutes flat.
Bottom line for @huggingface:
- For internal screwups (e.g. DeepGHS, which has hundreds of members): Let us trace which member's Franken-script nuked the API quota so we can talk to him.
- For external attackers: Give us IPs/accounts to ban—or at least let us throttle anonymous traffic before they turn our community hub into their personal stress ball.
Open-source shouldn't mean "open season for API carpet-bombing."
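
The traffic pattern described in the post (a burst of hub API calls with no resolve calls at all), written as a detection check over request logs. This is an added example, not part of the original post and not Hugging Face code. It assumes the operator can see per-client request records, that `/api/...` paths are hub API calls and `.../resolve/...` paths are file downloads, and it uses constructed sample traffic with hypothetical client ids.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 120    # "2 minutes" from the post
CALL_THRESHOLD = 1000   # "1000+ calls" from the post

def classify(path):
    """Assumed path layout: /api/... is a hub API call, .../resolve/... is a download."""
    if path.startswith("/api/"):
        return "hub"
    if "/resolve/" in path:
        return "resolve"
    return "other"

def flag_api_only_clients(events, window=WINDOW_SECONDS, threshold=CALL_THRESHOLD):
    """events: (unix_ts, client_id, path) tuples sorted by time.
    Returns {client_id: peak hub calls in any window} for clients that reached
    the threshold and never made a single resolve (download) call."""
    recent = defaultdict(deque)   # per-client timestamps inside the sliding window
    peak = defaultdict(int)
    downloaded = set()
    for ts, client, path in events:
        kind = classify(path)
        if kind == "resolve":
            downloaded.add(client)
        elif kind == "hub":
            q = recent[client]
            q.append(ts)
            while ts - q[0] >= window:   # drop calls older than the window
                q.popleft()
            peak[client] = max(peak[client], len(q))
    return {c: n for c, n in peak.items() if n >= threshold and c not in downloaded}

def sample_events():
    """Constructed sample traffic, not real logs."""
    api = "/api/models/example-org/example-model"
    dl = "/example-org/example-model/resolve/main/config.json"
    events = []
    events += [(1000 + i / 12, "anon-a", api) for i in range(1200)]  # burst, no downloads
    events += [(1000 + i * 5, "user-b", api) for i in range(20)]     # light API use
    events += [(1100 + i, "user-b", dl) for i in range(50)]          # plus downloads
    events += [(1000 + i, "user-c", api) for i in range(1200)]       # same volume, 20 min
    events += [(1000 + i / 15, "user-d", api) for i in range(1500)]  # burst...
    events += [(1101, "user-d", dl)]                                 # ...but does download
    return sorted(events)

if __name__ == "__main__":
    print(flag_api_only_clients(sample_events()))
```

Only the burst client with no downloads is reported; the heavy client that also downloads and the slow client with the same total volume are not.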