If you don’t onboard contributors proactively, then you're selecting project members for their social engineering abilities.
New blog post on #onboarding in #FOSS projects, reflecting on the "Pull Request Hack":
https://antonin.delpeuch.eu/posts/the-pull-request-hack-is-not-enough/