36 comments

[ 3.7 ms ] story [ 40.5 ms ] thread
A QGIS-Developer post, original title anyone else get a vague github shakedown notice? is this about qgis?
I don't think I believe you.
I got the same email, and I don't have a credit card on file with them. I wonder what they're going to do?
Is this really the normal way to do this in the US? Does no billing info mean you’re immune? If they have your real name in Germany, they would just send it to collections and get their money if you really owe them something, even if they don’t have a way to charge it directly themselves.
Yeah, as far as I know. Also github doesn't have my real name, for instance. I am sure they could know it, but I never agreed to any billing, either.
Generally yes, though I remember seeing a post on hacker news in the past month where a SAAS sent an invoice after the free trial ended rather than terminating it.

I always expect a failed billing or no billing info after a trial to cancel and not be pursued (I regularly do trials with a temp card that I immediately de-activate so it cannot be billed in case I forget to cancel)

(comment deleted)
This would be fairly uncommon for consumer facing services in the US, outside of medical services.

I guess if you signed up for a cell phone contract and didn’t pay after the first month, and didn’t have a billing method set, it would go to collections. Things like that are generally uncommon though. It usually only happens with things like medical services, loans, auto repair, home repair/contractor services, and contractual services such as cell phone plans and utilities.

No, nobody is getting bills from GitHub for trivial things they didn't sign up for. This feature wasn't even available on free personal accounts.

One of the organizations they're a part of has it enabled. The e-mail should have had more details, but they only cut out a little section.

The person posting this is confused because they think they're getting the bill. The e-mail says it's about the organization. The organization admin controls billing.

And no, a SaaS service isn't going to send anyone to collections for a small feature like this. If you don't pay your bill the service just gets turned off until you pay it. You have to get a substantial balance accumulated before it becomes something they send to collections.

I'm sure they could technically do that if they have the right wording in their terms. But most consumer services are not actually going to give you a paid service without billing info, because it'd create such a headache for them to collect.

Even if they sell the debt to collections, the collections service is probably only going to pay them fractions of pennies on the dollar, since "bill for random service someone signed up for the internet" is not likely to have a high recovery rate.

The e-mail is pretty clear that it's about an organization. You can't even enable this feature on free personal accounts.

It must be some organization you're a member of.

I am the organization owner, so I still got confused.
Hi, I'm the PM at GitHub in charge of this feature - this feature only charges to organizations/enterprises, not to individuals. If you don't have payment set up the feature will just stop working, I'm not going to come track you down or anything.
What about this email is a "shakedown"?
I was thinking the same thing, but I think it's down to this person not actually using the thing that GitHub are saying is moving to a paid service. It's hard to stop using something you don't use.
The part where it says they are about to start taking your money?
The wording could have been more clear: Instead of "what you'll pay" it should have said "what your organization will pay".

Everything else about the e-mail is clear that it's about the organization, though. I don't know why this person would think they're going to start getting bills "per committer" of the organization where they're not already the responsible party for billing. Like GitHub just decided that they're going to start billing this one person for every committer in the org, but only for this one feature?

No, I didn't, because I quit GitHub when they started demanding mandatory SMS 2FA
This links to this, which says

https://docs.github.com/en/code-security/concepts/about-code...

> GitHub Code Quality is currently in public preview and will become generally available on July 20, 2026. During public preview, Code Quality scans will consume GitHub Actions minutes but you will not be billed for other usage. From July 20, 2026, usage will incur additional charges. See GitHub Code Quality billing.

>If you want to avoid charges, disable Code Quality before July 20, 2026. See Disabling GitHub Code Quality.

https://docs.github.com/en/code-security/how-tos/maintain-qu...

>( Repo > Settings > Code Quality)

I don't see that tab, so either the docs are out of date, and it's called something else now, or it's not on all accounts/all repos. (Due to being in preview?) I don't know.

> I don't see that tab, so either the docs are out of date, and it's called something else now, or it's not on all accounts/all repos.

Correct. It's only for certain plans like GitHub Team and Enterprise Cloud.

The weird part about this e-mail is that they said they recently left some organizations because "the tone of the paid services" increased. So either they're still a member of one of these organizations, or GitHub mistakenly sent the e-mail to past members?

It sounds like they gave you a feature for free you didn't want, and now are trying to charge for it. Very much a dark pattern.
The person writing this doesn't have the feature. It would have had to be enabled by someone on a GitHub org they were a member of.

It's not even available on personal free plans like the person says they have. Either the e-mail was sent in error, or it's enabled by someone else in an organization they're a member of.

I'm a GitHub admin. Did not receive this e-mail. We don't have the GitHub Code Quality feature enabled anywhere, though.

The e-mail seems clear: Someone enabled the feature in the organization. The feature was in free preview, but the free preview is ending. If they leave it enabled, it will be billed at the new rate.

It's pretty clear that "organization" is being used throughout the e-mail, so they're not referring to this person's free personal GitHub account.

How can you possibly bill someone without billing information?
> How can you possibly bill someone without billing information?

The person is confused. They're not getting billed.

The organization's responsible billing contact would get billed.

This feature can't even be enabled on free, personal accounts.

Its just a normal letter containing the details on what to expect, its more of a heads-up than a shake down to me. If the billing information is not there and account still continue to use the feature then the account would be disabled or something similar. Question is, should the email have all the if-else situations, probably not feasible.
If you owe someone money and they have any identifying information at all, they can chase the debt in court. Maybe get a lien on your bank account or garnish your wages.
It is as true as sky is blue, not always, it is a bit complicated, and so on.
Uh? What? Shakedown? You enabled a free preview of a paid service, they are now letting you know what it will cost to continue to use a paid for service, how on earth is this a 'shake down'? GitHub deserves a lot of crap, but not for this.
This is about an optional setting for org admins you need to disable in the repo settings, Security and Quality. Not vague at all.
Hi, I'm the PM who sent out this email! This email only went out to enterprise admins where there's an org somewhere that has Code Quality enabled on some repository. It's very possible that, due to what you mentioned about adjusting roles and organization membership recently, that it no longer applies to you and we didn't update our filter in time.

To be super sure that you turn it off everywhere if you don't want to pay for it, go to any organizations you're the admin for, and go to Settings > Code Quality (it'll be in the left side bar), say "No repos" for the "Repo Access" dropdown, and turn on enforcement - it'll then turn it off everywhere in the org and stop it from being turned back on (in very large orgs, this can take a few minutes to propagate).