Other people apparently don't have this feeling at all. Maybe I shouldn't have been surprised by this, but I've definitely been caught off guard by it.

"This person contributed to a lot of projects" heuristic for "they're a good and passionate developer" means people will increasingly game this using low-quality submissions. This has been happening for years already.

Of course, AI just added kerosene to the fire, but re-read the policy and omit AI and it still makes sense!

A long term fix for this is to remove the incentive. Paradoxically, AI might help here because this can so trivially be gamed that it's obvious it's not longer any kind of signal.

Covers most of the points I'm sure many of us have experienced here while developing with AI. Most importantly, AI generated code does not substitute human thinking, testing, and clean up/rewrite.

On that last point, whenever I've gotten Codex to generate a substantial feature, usually I've had to rewrite a lot of the code to make it more compact even if it is correct. Adding indirection where it does not make sense is a big issue I've noticed LLMs make.

Finally an AI policy I can agree with :) jokes aside, it might sound a bit too agressive but it's also true that some people have really no shame into overloading you with AI generated shit. You need to protect your attention as much as you can, it's becoming the new currency.

Maybe a bit unlikely, but still an issue no one is really considering.

There has been a single ruling (I think) that AI generated code is uncopyrightable. There has been at least one affirmative fair use ruling. Both of these are from the lower courts. I'm still of the opinion that generative AI is not fair use because its clearly substitutive.

“ Ultimately, I want to see full session transcripts, but we don't have enough tool support for that broadly.”

I have a side project, git-prompt-story to attach Claude Vode session in GitHub git notes. Though it is not that simple to do automatic (e.g. i need to redact credentials).

In the old era, the combination 'it works' + 'it uses a sophisticated language' + 'it integrates with a complex codebase' implied that this was an intentional effort by someone who knew what they were doing, and therefore probably safe to commit.

We can no longer make that social assumption. So then, what can we rely on to signal 'this was thoroughly supervised and reviewed and understood and tested?' That's going to be hard and subjective.

Personal reputations and track records are pedigrees and brands are going to become more important in the industry; and the meritocratic 'code talks no matter where you came from' ethos is at risk.

My former boss often shared the words of his father: "A fool with a tool...is still a fool!"

Even more true with AI.

I find this distinction between media and text/code so interesting. To me it sounds like they think "text and code" are free from the controversy surrounding AI-generated media.

But judging from how AI companies grabbed all the art, images, videos, and audio they could get their hands on to train their LLMs it's naive to think that they didn't do the same with text and code.

What's the reason for this?

Media is the most likely thing I'd consider using AI for as part of a contribution to an open source project.

My code would be hand crafted by me. Any AI use would be similar to Google use: a way to search for examples and explanations if I'm unclear on something. Said examples and explanations would then be read, and after I understand what is going on I'd write my code.

Any documentation I contributed would also be hand written. However, if I wanted to include a diagram in that documentation I might give AI a try. It can't be worse than my zero talent attempts to make something in OmniGraffle or worse a photograph of my attempt to draw a nice diagram on paper.

I'd have expected this to be the least concerning use of AI.

Our evolving AI policy is in the same spirit as ghostty's, with more detail to address specific failure modes we've experienced: https://zulip.readthedocs.io/en/latest/contributing/contribu...

You'd need that kind of sharp rules to compete against unhinged (or drunken) AI drivers and that's unfortunate. But at the same time, letting people DoS maintainers' time at essential no cost is not an option either.

But now we have some kind of electronic brains that can also generate code, not at the level of the best human brains out there but good enough for most projects. And they are quicker and cheaper than humans, for sure.

So maybe in the end this will reduce the need for human contributions to opensource projects.

I just know that as a solo developer AI coding agents enable me to tackle projects I didn't think about event starting before.

Sanitization practices of AI are bad too.

Let me be clear nothing wrong with AI in your workflow, just be an active participator in your code. Code is not meant to be one and done.

You will go through iteration after iteration, security fix after fix. This is how development is.

on a related note: i wish we could agree on rebranding the current LLM-driven never-gonna-AGI generation of "AI" to something else… now i'm thinking of when i read the in-game lore definition for VI (Virtual Intelligence) back when i played mass effect 1 ;)

The fact that some people will straight up lie after submitting you a PR with lots of _that type_ of comment in the middle of the code is baffling!

I might copy it for my company.

I can see this being a problem. I read a thread here a few weeks ago where someone was called out on submitting an AI slop article they wrote with all the usual tells. They finally admitted it but said something to the effect they reviewed it and stood behind every line.

The problem with AI writing is at least some people appear incapable of critically reviewing it. Writing something yourself eliminates this problem because it forces you to pick your words (there could be other problems of course).

So the AI-blind will still submit slop under the policy but believe themselves to have reviewed it and “stand behind” it.

I work in a team of 5 great professionals, there hasn't been a single instance since Copilot launched in 2022 that anybody, in any single modification did not take full responsibility for what's been committed.

I know we all use it, to different extent and usage, but the quality of what's produced hasn't dipped a single bit, I'd even argue it has improved because LLMs can find answers easier in complex codebases. We started putting `_vendor` directories with our main external dependencies as git subtrees, and it's super useful to find information about those directly in their source code and tests.

It's really as simple. If your teammates are producing slop, that's a human and professional problem and these people should be fired. If you use the tool correctly, it can help you a lot finding information and connecting dots.

Any person with a brain can clearly see the huge benefit of these tools, but also the great danger of not reviewing their output line by line and forfeiting the constant work of resolving design tensions.

Of course, open source is a different beast. The people committing may not be professionals and have no real stakes so they get little to lose by producing slop whereas maintainers are already stretched in their time and attention.

Another idea is to simply promote the donation of AI credits instead of output tokens. It would be better to donate credits, not outputs, because people already working on the project would be better at prompting and steering AI outputs.

What I’m seeing: a flood of new repos appearing on GitHub with huge codebases and "extensive" documentation, often produced in two or three commits. The problem is that nobody uses them, nobody reads the docs, and many of these projects don’t provide real value. But the infrastructure cost is real: storing it all, indexing it, scanning it, backing it up, mirroring it....

Licensing is another issue. Licenses protect against copying, but AI changes totally the game: someone can download a repo, ask Claude to analyze and understand it, and then generate a similar solution with no verbatim copying. That’s likely legal... So GPL becomes irrelevant..

If that becomes normal, I can easily imagine companies pulling back from open source. Why publish your best work if anyone can cheaply reimplement it? Code will move back to closed source and become the "secret sauce" again. A black box is harder to vibe-code than an open source repo...

Surely they are incapable of producing slop because they are just so much smarter than everyone else so the rules shouldn't apply to them, surely.

But I've never had the gall to let my AI agent do stuff on other people's projects without my direct oversight.

Moreover this policy is strictly unenforceable because good AI use is indistinguishable from good manual coding. And sometimes even the reverse. I don't believe in coding policies where maintainers need to spot if AI is used or not. I believe in experienced maintainers that are able to tell if a change looks sensible or not.

EDIT: I'm getting downvoted with no feedback, which is fine I guess, so I am just going to share some more colour on my opinion in case I am being misunderstood

What I meant with analogous to phishing is that the intent for the work is likely the one of personal reward and perhaps less of the desire to contribute. I was thinking they want their name on the contributors list, they want the credit, they want something and they don't want to put effort on it.

Do they deserve to be ridiculed for doing that? Maybe. However, I like to think humans deserve kindness sometimes. It's normal to want something, and I agree that it is not okay to be selfish and lazy about it (ignoring contribution rules and whatnot), so at minimum I think respect applies.

Some people are ignorant, naive, and are still maturing and growing. Bullying them may not help (thought it could) and mockery is a form of aggression.

I think some true false positives will fall into that category and pay the price for those who are truly ill intended.

Lastly, to ridicule is to care. To hate or attack requires caring about it. It requires effort, energy, and time from the maintainers. I think this just adds more waste and is more wasteful.

Maybe those wordings are there just to 'scare' people away and maintainers won't bother engaging, though I find it is just compounding the amount of garbage at this point and nobody benefits from it.

Anyways, would appreciate some feedback from those of you that seem to think otherwise.

Thanks!

PS: What I meant with ghostty should "ghost" them was this: https://en.wikipedia.org/wiki/Shadow_banning

Are images somehow better? If one draws, is he better the one that writes code? Why protect one and not the other. Or why protect any form at all?

Interesting requirement! Feels a bit like asking someone what IDE they used.

There shouldn't be that meaningful of a difference between the different tools/providers unless you'd consistently see a few underperform and would choose to ban those or something.

The other rules feel like they might discourage AI use due to more boilerplate needed (though I assume the people using AI might make the AI fill out some of it), though I can understand why a project might want to have those sorts of disclosures and control. That said, the rules themselves feel quite reasonable!