As I understand, there are currently no real guidelines for this, even though AI is currently a big topic in FOSS.
In my opinion, AI can be quite dangerous for free software and that's why we really need to discuss how we can address this issue. Here are some of the reasons for that:
- Poor quality, insecure code: AI still produces hard-to-maintain code that is often severely insecure. Even if you check every line of code carefully, there is a good chance you overlook something, because you won't fully understand the code you haven't written yourself
- Licensing issues: AI often reproduces code from its training material, which could be incompatible with this code's license
- Legal trouble: The legality of the copyright about AI is not yet really settled, so it could be a big legal risk to have AI-code in your codebase
- Ethics: AI systematically exploits the work of all open source contributors for the profit of big companies. We as part of the free software movement should reject this more openly
My idea for this policy was that we should definitely demand for AI-generated code to be marked as such (you have to disclose in your commits if you have used AI for that). I think we should also ban entirely AI-generated PRs as well, because they produce more work for the maintainers than they actually help with anything. Where I am not quite sure yet is how we handle the case when someone used AI just as autocomplete, but wrote most of the code themselves. You should probably also have to disclose that; do you think we should ban something like that?
Looking forward to hearing what you think about this!
I am not going to name names or point to specific PRs so as not to shame anybody since that isn't my intention, but we have had a couple AI-assisted PRs in the past and rimu has generally not been very receptive to them. I even really liked the functionality that one of them provided. However, they have generally been huge in that it is a ton of very verbose code that is difficult to review. I don't believe that he has an official policy on AI-assisted contributions other than that it is easy enough to review and confirm that it is working as intended as well as not completely changing up coding style and conventions we have used elsewhere.
As a bit of disclosure, I have occasionally used very basic AI queries to help me understand something in a Python library I haven't used before or couldn't find docs about. A specific case I remember was that I didn't understand how to do something in the orjson library and I couldn't find a good example in their docs or on Stack Overflow. Out of desperation I asked ChatGPT and it gave me a minimum viable example that I was able to adapt to what I needed. I have done similar a couple times when trying to craft regular expressions as well as dealing with some edge cases in the marshmallow Python library that I couldn't find answers for in their docs. I do make sure to test any code I write to make sure that I wasn't just fed a hallucination or something that applied for an older version of the library but is out of date now.
With reviews mentioned, what will be the PieFed stance about using LLM "agents" for the reviews themselves? Do the reasons that apply to contributions also apply to maintenance work, or how do they differ? Interested in reading developer and community opinions.