My two cents: I've been coding practically my entire life, but a few years back I sustained a pretty significant and lasting injury to my wrists. As such, I have very little tolerance for typing. It's been quite a problem and made full time work impossible.
With the advent of LLMs, AI-autocomplete, and agent-based development workflows, my ability to deliver reliable, high-quality code is restored and (arguably) better. Personally, I love the "hallucinations" as they help me fine-tune my prompts, base instructions, and reinforce intentionality; e.g. is that >really< the right solution/suggestion to accept? It's like peer programming without a battle of ego.
When analyzing problems, I think you have to look at both upsides and downsides. Folks have done well to debate the many, many downsides of AI and this tends to dominate the conversation. Probably thats a good thing.
But, on the flip side, I personally advocate hard for AI from the point-of-view on accessibility. I know (more-or-less) exactly what output I'm aiming for and control that obsessively, but it's AI and my voice at the helm instead of my fingertips.
I also think it incorrect to look at it from a perspective of "does the good outweigh the bad?". Relevant, yes, but utilitarian arguments often lead to counter-intuitive results and end up amplifying the problems they seek to solve.
I'd MUCH rather see a holistic embrace and integration of these tools into our ecosystems. Telling people "no AI!" (even if very well defined on what that means) is toothless against people with little regard for making the world (or just one specific repo) a better place.
> I'd MUCH rather see a holistic embrace and integration of these tools into our ecosystems. Telling people "no AI!" (even if very well defined on what that means) is toothless against people with little regard for making the world (or just one specific repo) a better place.
That doesn't address the controversy because you are a reasonable person assuming that other people using AI are reasonable like you, and know how to use AI correctly.
The rumors we hear have to do with projects inundated with more pull requests that they can review, the pull requests are obviously low quality, and the contributors' motives are selfish. IE, the PRs are to get credit for their Github profile. In this case, the pull requests aren't opened with the same good faith that you're putting into your work.
In general, a good policy towards AI submission really has to primarily address the "good faith" issue; and then explain how much tolerance the project has for vibecoding.
No AI needed. Spam on the internet is a great example of the amount of unreasonable people on the internet. And for this I'll define unreasonable as "committing an action they would not want committed back at them".
AI here is the final nail in the coffin that many sysadmins have been dealing with for decades. And that is that unreasonable actors are a type of asymmetric warfare on the internet, specifically the global internet, because with some of these actors you have zero recourse. AI moved this from moderately drowning in crap to being crushed under an ocean of it.
Going to be interesting to see how human systems deal with this.
> The rumors we hear have to do with projects inundated with more pull requests that they can review, the pull requests are obviously low quality, and the contributors' motives are selfish. IE, the PRs are to get credit for their Github profile. In this case, the pull requests aren't opened with the same good faith that you're putting into your work.
"Open source" does not mean "open contribution", i.e. just because the software is open source does not imply that your contribution (or in particular a not-high-effort contribution) is welcome.
A well-known application that is open source in the strictest sense, but not open contribution is SQLite.
> The rumors we hear have to do with projects inundated with more pull requests that they can review, the pull requests are obviously low quality, and the contributors' motives are selfish.
There's a way to handle this: put an automatic AI review of every PR from new contributors. Fight fire with fire.
(Actually, this was the solution for spam even before LLMs. See "A plan for SPAM" by Paul Graham. Basically, if you have a cheap but accurate filter (specially, a filter you can train for your own patterns), it should be enabled as a first line of defense. Anything the filter doesn't catch and the user had to manually mark as spam should become data to improve the filter)
Moreover, if the review detects LLM-generated content but the user didn't disclose it, maybe there should be consequences
I see the solution as only engaging with reasonable persons and ignore the rest.
And the problem is filtering them out. That is real work that can be draining and demoralizing as unreasonable persons usually have their sad story why they are the way they are, but you cannot do therapy or coaching for random strangers while trying to get a project going.
So if people contribute good things, engage with them. If they contribute slob (AI generated or not) - you say no to them.
How is an AI policy going to help prevent bad faith actors, though?
People who are doing those harmful things with AI aren’t going to stop because of a policy. They are just going to lie and not admit their submissions are AI generated.
At that point, you will still have to review the code and reject it if it is bad quality, just like you had to without an AI policy. The policy doesn’t make it any easier to filter out the bad faith AI submissions.
In fact, if we DO develop an efficient way to weed out the bad faith PRs that lie about using AI, then why do we need the policy at all? Just use that same system to weed out the bad submissions, and just skip the policy completely.
> But, on the flip side, I personally advocate hard for AI from the point-of-view on accessibility. I know (more-or-less) exactly what output I'm aiming for and control that obsessively, but it's AI and my voice at the helm instead of my fingertips.
This is the technique I've picked up and got the most from over the past few months. I don't give it hard, high-level problems and then review a giant set of changes to figure it out. I give it the technical solution I was already going to implement anyway, and then have it generate the code I otherwise would have written.
It cuts back dramatically on the review fatigue because I already know exactly what I'm expecting to see, so my reviews are primarily focused on the deviations from that.
The only issue to beat in mind is that visual inspection is only about 85% accurate at its limit. I was responsible for incoming inspection at a medical device factory and visual inspection was the least reliable test for components that couldn’t be inspected for anything else. We always preferred to use machines (likes big CMM) where possible.
I also use LLM assistance, and I love it because it helps my ADHD brain get stuff done, but I definitely miss stuff that I wouldn’t miss by myself. It’s usually fairly simple mistakes to fix later but I still miss them initially.
This, and I curate a tree of MD docs per topic to define the expected structure. It is supposed to output code that looks exactly like my code. If not, I manually edit it and perhaps update the docs.
This is how I've found myself to be productive with the tools, or since productivity is hard to measure, at least it's still a fun way to work. I do not need to type everything but I want a very exact outcome nonetheless.
Similar story, albeit not so extreme. I have similar ergonomic issues that crop up from time to time. My programming is not so impacted (spend more time thinking than typing, etc), but things like email, documentation, etc can be brutal (a lot more computer usage vs programming).
My simple solution: I use Whisper to transcribe my text, and feed the output to an LLM for cleanup (custom prompt). It's fantastic. Way better than stuff like Dragon. Now I get frustrated with transcribing using Google's default mechanism on Android - so inaccurate!
But the ability to take notes, dictate emails, etc using Whisper + LLM is invaluable. I likely would refuse to work for a company that won't let me put IP into an LLM.
Similarly, I take a lot of notes on paper, and would have to type them up. Tedious and painful. I switched to reading my notes aloud and use the above system to transcribe. Still painful. I recently realized Gemini will do a great job just reading my notes. So now I simply convert my notes to a photo and send to Gemini.
I categorize all my expenses. I have receipts from grocery stores where I highlight items into categories. You can imagine it's painful to enter that into a financial SW. I'm going to play with getting Gemini to look at the photo of the receipt and categorize and add up the categories for me.
All of these are cool applications on their own, but when you realize they're also improving your health ... clear win.
> I'm going to play with getting Gemini to look at the photo of the receipt and categorize and add up the categories for me.
FWIW, I have a pet project for a family recipe book. I normalize all recipes to a steps/instructions/ingredients JSON object. A webapp lets me snap photos of my old recipes and AI reliably yields perfectly structured objects back. The only thing I've had to fix is odd punctuation. For production, use is low, so `gemini-2.5-flash` works great and the low rate limits are fine. For development the `gemma-3-27b-it` model has MUCH higher limits and still does suprisingly well.
I'd bet you can pull this off and be very happy with the result.
I maintain expense tracking software that I wrote a while ago (before ChatGPT) that sends receipts and some metadata about them into Google Sheets (previously Expensify). A few months ago, I used Claude to add a feature that does exactly what you describe, but using the data types and framework I built for receipt parsing. It works really well.
Honestly, you can probably build what I built entirely with Gemini or Claude, probably with a nice frontend to boot.
> I'd MUCH rather see a holistic embrace and integration of these tools into our ecosystems.
I understand that your use case is different, so AI may help handicapped people. Nothing wrong with that.
The problem is that the term AI encompasses many things, and a lot of AI led to
quality decay. There is a reason why Microsoft is now called Microslop. Personally I'd much prefer for AI to go away. It won't go away, of course, but I still would like to see it gone, even if I agree that the use case you described is objectively useful and better for you (and others who are handicapped).
> I also think it incorrect to look at it from a perspective of "does the good outweigh the bad?". Relevant, yes, but utilitarian arguments often lead to counter-intuitive results and end up amplifying the problems they seek to solve.
That is the same for every technology though. You always have a trade-off. So I don't think the question is incorrect at all - it applies the same just as it is for any other technology, too. I also disagree that utilitarian arguments by their intrinsic nature lead to counter-intuitive results. Which result would be counter-intuitive when you analyse a technology for its pros and cons?
I'm in a very similar situation: I have RSI and smarter-autocomplete style AI is a godsend. Unlike you I haven't found more complex AI (agent mode) particularly useful though for what I do (hard realtime C++ and Rust). So I avoid that. Plus it takes away the fun part of coding for me. (The journey matters more than the destination.)
The accessibility angle is really important here. What we need is a way to stop people who make contributions they don't understand and/or can not vouch they are the author for (the license question is very murky still, and no what the US supreme court said doesn't matter here in EU). This is difficult though.
If you sign off the code and put your expertise and reputation behind it, AI becomes just an advanced autocomplete tool and, as such, should not count in “no AI” rules. It’s ok to use it, if that enables you to work.
this sounds reasonable, but in practice people will simply sign off on anything without having thoroughly reviewed it.
I agree with you that there's a huge distinction between code that a person understands as thoroughly as if they wrote it, and vibecoded stuff that no person actually understands. but actually doing something practical with that distinction is a difficult problem to solve.
> If you sign off the code and put your expertise and reputation behind it, AI becomes just an advanced autocomplete tool and, as such, should not count in “no AI” rules.
No, it's not that simple. AI generated code isn't owned by anyone, it can't be copyrighted, so it cannot be licensed.
This matters for open source projects that care about licensing. It should also matter for proprietary code bases, as anyone can copy and distribute "their" AI generated code for any purpose, including to compete with the "owner".
this is equivalent to claiming that automation has no negative side effects at all.
we do often choose automation when possible (especially in computer realms), but there are endless examples in programing and other fields of not-so-surprising-in-retrospect failures due to how automation affects human behavior.
so it's clearly not true. what we're debating is the amount of harm, not if there is any.
This isn't an issue of "nobody can use this" but an "everyone can use this", i.e. projects can use AI generated code just fine and they own the copyright to any modifications they do to it.
Think of it like random noise in an image editor: you do own the random pixels since they're generated by the computer, but you can still use them as part of making your art - you do not lose copyright to your art because you used a random noise filter.
It's great that LLMs helped you but do you recognize that they are trained on thousands, perhaps millions of lifetimes of human work without the consent of the original authors and often quite explicitly against their will and their chosen license?
These people (myself included) made their work available free of charge under some very friendly conditions such as being credited or sharing work built upon theirs under the same license. Now we are being shit on because obscenely rich people think we are no longer relevant and that they can get away with it.
What happens to you if, say 2 years down the line, "AI" or AI has absorbed all your knowledge and can do all of your work instead of you better and faster? Do you imagine you'll keep paying for AI and having it work for you or can you also imagine a future where AI companies decide to cut out the middle-man (you) and take over your customers directly?
> I'd MUCH rather see a holistic embrace and integration of these tools into our ecosystems. Telling people "no AI!" (even if very well defined on what that means) is toothless against people with little regard for making the world (or just one specific repo) a better place.
If it makes them go thru AI contributions to make sure there is no AI nonsense in them, that's already massive win.
The AI on itself is not a problem
> But, on the flip side, I personally advocate hard for AI from the point-of-view on accessibility. I know (more-or-less) exactly what output I'm aiming for and control that obsessively, but it's AI and my voice at the helm instead of my fingertips.
and you are the 1% (assuming your claims are true and not hallucinated gains, which are common in AI world too), vast majority of AI contributions are peak lazy, or at best goal-seeking with no regard of the target, consequences or quality
THAT is what people complain about. If AI was just used to shortcut the boring, augument the knowledge and produce better quality code, there would be very little arugments against AI-driven contributions. But that is not the case, the AI pundits will purposefully not check the AI output just because that would require time and knowledge and that looks bad on "how faster AI makes you" KPI
A few years ago I was in a place where I couldn't type on a computer keyboard for more than a few minutes without significant pain, and I fortunately had shifted into a role where I could oversee a bunch of junior engineers mostly via text chat (phone keyboard didn't hurt my hands as much) and occasional video/voice chat.
I'm much better now after tons of rehab work (no surgery, thankfully), but I don't have the stamina to type as much as I used to. I was always a heavy IDE user and a very fast coder, but I've moved platforms too many times and lost my muscle memory. A year ago I found the AI tools to be basically time-wasters, but now I can be as productive as before without incurring significant pain.
>Personally, I love the "hallucinations" as they help me fine-tune my prompts, base instructions, and reinforce intentionality
This reads almost like satire of an AI power user. Why would you like it when an LLM makes things up? Because you get to write more prompts? Wouldn't it be better if it just didn't do that?
It's like saying "I love getting stuck in traffic because I get to drive longer!"
Sorry but that one sentence really stuck out to me
You worked with people before haven't you? Sometimes they make stuff up, or misremember stuff. Sometimes people who do this are brilliant and you end up learning a lot from them.
I can’t say what the OP finds specifically useful but as an example if you’re aiming to make sure you’ve accurately and clearly documented / explained your intent, the misunderstandings and tangents AIs can go down are useful in the same way that putting your theoretically perfect UI into the hands of real users is also useful. It helps you want places where you assumed knowledge or understanding that someone else might not have.
Building up style guidelines for AI tools has been an eye opening experience in realizing how many stylistic choices we make that aren’t embedded in the linter, and aren’t documented anywhere else either. The resulting files have actually been a really good resource not just for the AI but for new developers on the project too.
I like it because I have no expectation of perfection-- out of others, myself, and especially not AI. I expect "good enough" and work upwards from there, and with (most) things, I find AI to be better than good enough.
Fwiw, I try to make sure we have an accessibility focused talk every year (if possible) at the Carolina Code Conference. Call for Speakers is open right now if you'd be interested in submitting something on your story.
Putting aside the specifics for a second, I'm sorry to hear about your injury and glad you've found workarounds. I also think high-quality voice transcription might end up being a big thing for my health (there's no way typing as much as I do, in the positions I do, is good).
Much appreciated. I find is that referencing code in conversation is hard -- e.g. "underscore foo bar" vs `_fooBar`, "this dot Ls" vs `this.els`, etc happens often. Lower-powered models especially struggle with this, and make some frustrating assumptions. Premium models do way better, and at times are shockingly good. They just aren't remotely economically viable for me.
My solution so far is to use my instructions to call out the fact that my comments are transcribed and full of errors. I also focus more on "plan + apply" flows that guide agents to search out and identify code changes before anything is edited to ensure the relevant context (and any tricky references) are clearly established in the chat context.
It's kinda like learning vim (or emacs, if you prefer). First it was all about learning shortcuts and best practices to make efficient use of the tool. Then it was about creating a good .vimrc file to further reduce the overhead of coding sessions. Then it was about distributing that .vimrc across machines (and I did a LOT of ssh-based work) for consistency. Once that was done, it became unimaginable to code any other way.
It has been even more true here: agent-based workflows are useless without significant investment in creating and maintaining good project documentation, agent instructions, and finding ways to replicate that across repos (more microservice hell! :D) for consistency. There is also some conflict, especially in corporate environments, with where this information needs to live to be properly maintained.
On the code side of the issue, I would say that AI completion and chat are ok because people are still forced to interact with the generated code. When coding with agents people have to go out of their way to do it
lol You are actually trying to argue and say "Oh actually, I love how AI fucks up, it makes me keep on my toes."
That's like saying I love hiring fuck ups that randomly do out of context and out of ruleset work for me when I ask them to perform tasks.
I would also argue to you that "folks" have done more well to debate the upsides of AI. It is pretty much all I ever see when I come to this website any more the last couple of years. Oh, and by coincidence, the operator/owner of the website just happens to be at the helm of ChatGPT. How convenient.
As someone who got a pretty severe case of carpal tunnel in his youth that can still blow up today, I have to admit I have worried about my ability to work. "Will I have to become a manager?" Etc.
This resonates. Recently, I've started to consider Claude as a partner. I like how he's willing to accept he's wrong when you provide evidence. It can be more pleasant than working with humans.
Please don't anthropomorphize LLMs even further by assigning them gendered pronouns. LLMs are always "it"s. They're not alive, they're just really complicated linear algebra expressions. Prematurely anthropomorphizing them, even subtly like this, will come back to bite us if we keep doing it.
Glad to see this response, I was wondering the other day how the affected accessibility. I remember reading a thread a few years back of visually challenged developers and their work flow and was kinda surprised there has been such little discussion around developer accessibility with the advent of ai agents and coding routines.
I disagree. I've done nothing to argue that the harm isn't real, downplayed it, nor misrepresented it.
I do agree that at large, the theoretical upsides of accessibility are almost certainly completely overshadowed by obvious downsides of AI. At least, for now anyway. Accessibility is a single instance of the general argument that "of course there are major upsides to using AI", and there a good chance the future only gets brighter.
My point, essentially, is that I think this is (yet another) area in life where you can't solve the problem by saying "don't do it", and enforcing it is cost-prohibitive. Saying "no AI!" isn't going to stop PR spam. It's not going to stop slop code. What is it going to stop (see edit)? "Bad" people won't care, and "good" people (who use/depend-on AI) will contribute less.
Thus I think we need to focus on developing robust systems around integrating AI. Certainly I'd love to see people adopt responsible disclosure policies as a starting point.
--
[edit] -- To answer some of my own question, there are obvious legal concerns that frequently come up. I have my opinions, but as in many legal matters, especially around IP, the water is murky and opinions are strongly held at both extremes and all to often having to fight a legal battle at all* is immediately a loss regardless of outcome.
It's absolutely not a straw man, because OP and people like OP will be affected by any policy which limits or bans LLMs. Whether or not the policy writer intended it. So he deserves a voice.
Fantastic point. I do think there was a bit of an over correction toward AI hostility because capitalism, and for good reason, but it did almost make it taboo to talk about legitimate use cases that are not related to bad AI use cases like instigating nuclear wars in war game simulations.
I think the ugly unspoken truth whether Mozilla or Debian or someone else, is that there are going to be plausible and valuable use cases and that AI as a paradigm is going to be a hard problem the same way that presiding over, say, a justice system is a hard problem (stay with me). What I mean is it can have a legitimate purpose but be prone to abuse and it's a matter of building in institutional safeguards and winning people's trust while never fully being able to eliminate risk.
It's easy for someone to roll their eyes at the idea that there's utility but accessibility is perfect and clear-eyed use case, that makes it harder to simply default to hedonic skepticism against any and all AI applications. I actually think it could have huge implications for leveling the playing field in the browser wars for my particular pet issue.
The premise LLM are "AI" is false, but are good at problems like context search, and isomorphic plagiarism.
Given the liabilities of relying on public and chat users markdown data to sell to other users without compensation raises a number of issues:
1. Copyright: LLM generated content can't be assigned copyright (USA), and thus may contaminate licensing agreements. It is likely public-domain, but also may conflict with GPL/LGPL when stolen IP bleeds through weak obfuscation. The risk has zero precedent cases so far (the Disney case slightly differs), but is likely a legal liability waiting to surface eventually.
2. Workmanship: All software is terrible, but some of it is useful. People that don't care about black-box obfuscated generated content, are also a maintenance and security liability. Seriously, folks should just retire if they can't be arsed to improve readable source tree structure.
3. Repeatability: As the models started consuming other LLM content, the behavioral vectors often also change the content output. Humans know when they don't know something, but an LLM will inject utter random nonsense every time. More importantly, the energy cost to get that error rate lower balloons exponentially.
4. Psychology: People do not think critically when something seems right 80% of the time. The LLM accuracy depends mostly on stealing content, but it stops working when there is nothing left to commit theft of service on. The web is now >53% slop and growing. Only the human user chat data is worth stealing now.
5. Manipulation: The frequency of bad bots AstroTurf forums with poisoned discourse is biasing the delusional. Some react emotionally instead of engaging the community in good faith, or shill hard for their cult of choice.
6. Sustainability: FOSS like all ecosystems is vulnerable to peer review exhaustion like the recent xz CVE fiasco. The LLM hidden hostile agent problem is currently impossible to solve, and thus cannot be trusted in hostile environments.
7. Ethics: Every LLM ruined town economic simulations, nuked humanity 94% of the time in every war game, and encouraged the delusional to kill IRL
While I am all for assistive technologies like better voice recognition, TTS, and individuals computer-user interfaces. Most will draw a line at slop code, and branch to a less chaotic source tree to work on.
I think it is hilarious some LLM proponents immediately assume everyone also has no clue how these models are implemented. =3
Very reasonable stance. I see reviewing and accepting a PR is a question of trust - you trust the submitter to have done the most he can for the PR to be correct and useful.
Something might be required now as some people might think that just asking an LLM is "the most he can done", but it's not about using AI it's about being aware and responsible about using it.
Depends on the assumptions. If you assume good intent of the submitter and you spend time to explain what he should improve, why something is not good, etc, than it's a lot of effort. If you assume bad intent, you can just reject with something like "too large review from unproven user, please contribute something smaller first".
Yes, we might need to take things a bit slower, and build relations to the people you collaborate with in order to have some trust (this can also be attacked, but this was already possible).
> LLM generated content often (perhaps by definition) seems acceptable to LLMs.
In my experience (albeit with non-coding questions), ChatGPT 5.2 is often quite eager to critique snippets of its own replies from previous conversations. And reasoning models can definitely find flaws in LLM-written code.
> I see reviewing and accepting a PR is a question of trust
I think that's backwards, at least as far as accepting a PR. Better that all code is reviewed as if it is probably a carefully thought out Trojan horse from a dedicated enemy until proven otherwise.
I think this is actually a healthy stance. If you want to maintain patches against a project, just maintain a fork the project and if I want to pull in your changes I will. No direct submissions accepted is not the worst policy I think
Concerns about the wasting of maintainer’s time, onboarding, or copyright, are of great interest to me from a policy perspective. But I find some of the debate around the quality of AI contributions to be odd.
Quality should always be the responsibility of the person submitting changes. Whether a person used LLMs should not be a large concern if someone is acting in good-faith. If they submitted bad code, having used AI is not a valid excuse.
Policies restricting AI-use might hurt good contributors while bad contributors ignore the restrictions. That said, restrictions for non-quality reasons, like copyright concerns, might still make sense.
The core issue is that it takes a large amount of effort to even assess this, because LLM generated code looks good superficially.
It is said that static FP languages make it hard to implement something if you don't really understand what you are implementing. Dynamically typed languages makes it easier to implement something when you don't fully understand what you are implementing.
LLMs takes this to another level when it enables one to implement something with zero understanding of what they are implementing.
The people likely to submit low-effort contributions are also the people most likely to ignore policies restricting AI usage.
The people following the policies are the most likely to use AI responsibly and not submit low-effort contributions.
I’m more interested in how we might allow people to build trust so that reviewers can positively spend time on their contributions, whilst avoiding wasting reviewers time on drive-by contributors. This seems like a hard problem.
The real invariant is responsibility: if you submit a patch, you own it. You should understand it, be able to defend the design choices, and maintain it if needed
Ownership and responsibility are useless when a YouTuber tells it to their million followers that GitHub contributions are valued by companies and this is how you can create a pull request with AI in three minutes, and you get hundred low value noise PRs opened by university students from the other side of the globe. It’s Hacktoberfest on steroids.
"You committed it, you own it" can't even be enforced effectively at large companies, given employee turnover and changes in team priorities and recorgs. It's hard to see how this could be done effectively in open source projects. Once the code is in there, end users will rely on it. Other code will rely on it. If the original author goes radio silent it still can't be ripped out.
Trusted contributors using LLMs do not cause this problem though. It is the larger volume of low-effort contributions causing this problem, and those contributors are the most likely to ignore the policies.
Therefore, policies restricting AI-use on the basis of avoiding low-quality contributions are probably hurting more than they’re helping.
My question on AI generated contributions and content in general: on a long enough timeline, with ever improving advancements in AI, how can people reliably tell the difference between human and AI generated efforts?
Sure now it is easy, but in 3-10 years AI will get significantly better. It is a lot like the audio quality of an MP3 recording. It is not perfect (lossless audio is better), but for the majority of users it is "good enough".
At a certain point AI generated content, PR's, etc will be good enough for humans to accept it as "human". What happens then, when even the best checks and balances are fooled?
> My question on AI generated contributions and content in general: on a long enough timeline, with ever improving advancements in AI, how can people reliably tell the difference between human and AI generated efforts?
Can you reliably tell that the contributor is truly the author of the patch and that they aren't working for a company that asserts copyright on that code? No, but it's probably still a good idea to have a policy that says "you can't do that", and you should be on the lookout for obvious violations.
It's the same story here. If you do nothing, you invite problems. If you do something, you won't stop every instance, but you're on stronger footing if it ever blows up.
Of course, the next question is whether AI-generated code that matches or surpasses human quality is even a problem. But right now, it's academic: most of the AI submissions received by open source projects are low quality. And if it improves, some projects might still have issues with it on legal (copyright) or ideological grounds, and that's their prerogative.
Precisely. “AI” contributions should be seen as an extension of the individual. If anything, they could ask that the account belong to a person and not be a second bot only account. Basically, a person’s own reputation should be on the line.
Reputation isn't very relevant here. Yes, for established well known FOSS developers, their reputation will tank if they put out sloppy PRs and people will just ignore them.
But the projects aren't drowning under PRs from reputable people. They're drowning in drive-by PRs from people with no reputation to speak of. Even if you outright ban their account, they'll just spin up a new one and try again.
Blocking AI submissions serves as a heuristic to reduce this flood of PRs, because the alternative is to ban submissions from people without reputation, and that'd be very harmful to open source.
And AI cannot be the solution here, because open source projects have no funds. Asking maintainers to fork over $200/month for "AI code reviews" just kills the project.
> Precisely. “AI” contributions should be seen as an extension of the individual.
That's an OK view to hold, but I'll point out two things. First, it's not how the tech is usually wielded to interact with open-source software. Second, your worldview is at odds with the owners of this technology: the main reason why so much money is being poured into AI coding is that it's seen by investors as a replacement for the individual.
Of course you can tell. If someone suddenly submits a mountainous pile of code out of nowhere that claims to fix every problem, you can make a reasonable estimate that the author used AI. It's then equally reasonable to suggest said author might not have taken the requisite time and detail to understand the scope of the problem.
This is the basis of the argument - it doesn't matter if you use AI or not, but it does matter if you know what you're doing or not.
I don't know, it's a pretty leap for me to consider AI being hard to distinguish from human contributions.
AI is predictive at a token level. I think the usefulness and power of this has been nothing short of astonishing; but this token prediction is fundamentally limiting. The difference between human _driven_ vs AI generated code is usually in design. Overly verbose and leaky abstractions, too many small abstractions that don't provide clear value, broad sweeping refactors when smaller more surgical changes would have met the immediate goals, etc. are the hallmarks of AI generated code in my experience. I don't think those will go away until there is another generational leap beyond just token prediction.
That said, I used human "driven" instead of human "written" somewhat intentionally. I think AI in even its current state will become a revolutionary productivity boosting developer aid (it already is to some degree). Not dissimilar to a other development tools like debuggers and linters, but with much broader usefulness and impact. If a human uses AI in creating a PR, is that something to worry about? If a contribution can pass review and related process checks; does it matter how much or how little AI was used in it's creation?
Personally, my answer is no. But there is a vast difference between a human using AI and an AI generated contribution being able to pass as human. I think there will be increasing degrees of the former, but the latter is improbable to impossible without another generational leap in AI research/technology (at least IMO).
---
As a side note, over usage of AI to generate code _is_ a problem I am currently wrangling with. Contributors who are over relying on vibecoding are creating material overhead in code review and maintenance in my current role. It's making maintenance, which was already a long tail cost generally, an acute pain.
Obviously - it takes effort to hone the idea/spec, and it takes time to validate the result. Code being free doesn’t make a kernel patch free, though it would make it cheaper.
Because it might require time consuming testing, iterations, documentation etc.
If everything the maintainer wants can (hypothetically) be one-shotted, then there is no need to accept PR's at all. Just allow forks in case of open source.
Crystal ball, maybe, but 3 years ago, the AI generated classes with empty methods containing "// implement logic here" and now, AI is generating whole stack applications that run from the first try.
Past performance does not guarantee future results, of course. But acting like AI is now magically going to stagnate is also a really bold bet.
Whether the quality of the code is the responsibility of the submitter or not is kind of irrelevant though, because the cost of verifying that quality still falls on the maintainer. If every submitter could be trusted to do their due diligence then this cost would be less, but unfortunately they can't; it's human nature to take every possible shortcut.
The same way niche/luxury product and services compare to fast/cheap ones: they are made with focus and intent that goes against the statistical average, which also normally would take more time and effort to make.
McDonalds cooks ~great~ (edit: fair enough, decent) burgers when measured objectively, but people still go to more niche burger restaurants because they want something different and made with more care.
That's not to say that an human can't use AI with intent, but then AI becomes another tool and not an autonomous code generating agent.
Let's burn that bridge when we get to it. I'm not even sure what 2027 will look like at this rate. There's no point concerning about 2035 when things are so tumultuous today.
Intent matters. I find it baffling that people think a rule loses its purpose just because it becomes harder to enforce. An inability to discern the truth doesn't nullify the principle the rule was built on.
> but if AI is just as good, doesn't that just mean more good PRs?
If you believe the outputs of LLMs are derivative products of the materials the LLMs were trained on (which is a position I lean towards myself, but I also understand the viewpoint of those who disagree), then no, that's not a good thing, because it would be a license violation to accept those derived products without following the original material's license terms, such as attribution and copyleft terms. You are now party to violating the original materials' copyright by accepting AI generated code. That's ethically dubious, even if those original authors may have a hard time bringing a court case against you.
You say "on a long enough timeline", but you already can't tell today in the hands of someone who knows what they're doing.
I think a lot of anti-LLM opinions just come from interacting with the lowest effort LLM slop and someone not realizing that it's really a problem with a low value person behind it.
It's why "no AI allowed" is pointless; high value contributors won't follow it because they know how to use it productively and they know there's no way for you to tell, and low value people never cared about wasting your time with low effort output, so the rule is performative.
e.g. If you tell me AI isn't allowed because it writes bad code, then you're clearly not talking to someone who uses AI to plan, specify, and implement high quality code.
> It's why "no AI allowed" is pointless … If you tell me AI isn't allowed because it writes bad code
I disagree that the rule is pointless, and your last point is a strawman. AI is disallowed because it’s the manner in which the would-be contributors are attempting to contribute to these projects. It’s a proxy rule.
Unfortunately for AI maximalists, code is more than just letters on the screen. There needs to be human understanding, and if you’re not a core contributor who’s proven you’re willing to stick around when shit hits the fan, a +3000 PR is a liability, not an asset.
Maybe there needs to be something like the MMORPG concept of “Dragon Kill Points (DKP)”, where you’re not entitled to loot (contribution) until you’ve proven that you give a shit.
High-value contributors follow the rules and social mores of the community they are contributing to. If they intentionally deceive others, they are not high-value.
Like its been years and years now, if all this is true, you'd think there would be more of a paradigm shift? I'm happy I guess waiting for Godot like everyone else, but the shadows are getting a little long now, people are starting to just repeat the same things over and over.
Like, I am so tired now, it's causing such messes everywhere. Can all the best things about AI be manifest soon? Is there a timeline?
Like what can I take so that I can see the brave new world just out of reach? Where can I go? If I could just even taste the mindset of the true believer for a moment, I feel like it would be a reprieve.
I don't see an issue here. You keep using AI to create high value contributions in the projects that accept it, I will keep not using it in mine, and we can see who wins out in 10 years.
All LLM-output is slop. There's no good LLM output. It's stolen code, stolen literature, stolen media condensed into the greatest heist of the 21. century. Perfect capitalism - big LLM companies don't need to pay royalties to humans, while selling access to a service which generates monthly revenue.
If it works, it's not wrong.
Wasting any time or energy on determining whether or not the source is AI is stupid. If all the requirements are met, in terms of style guide, documentation, functionality, thorough testing and correctness, then it's good. Doesn't matter if AI wrote it, or if it's artisanal hand-crafted bytecode lovingly prepared by a native of Computronistan.
The trick is to define what works - set the bar high enough that you're driving away raw human contributors, annoying high value humans, or arbitrarily barring AI users out of dogma or politics or whatever. A hierarchy of maintainers, with people willing to volunteer to sift through submissions, each handing up a much reduced list to the next level, is probably where big projects will have to go.
At some point it won't matter; while it does, look for enthusiastic volunteers and make good, sensible, functional rules that get the best results.
I don't particularly care if vibe coding and the like are used for web apps and mobile apps. The quality there has always been poor and gets worse over time. AI slopware is just the new low and in a few years time I'm sure they will find a way to make things even worse.
But for software infrastructure; Kernels, operating systems, compilers, browsers, etc, it is crazy we are even considering AI at it's current ability. If we are going to do that, we need to switch to Ada/SPARK or some other type of formally verifiable system.
Maybe I'm overreacting, but all I want to do right now is escape. It horrifies me to think that one day I may be driving a car with a braking system vibe coded in C++.
Great care and attention is required for critical system components and LLMs lack both.
Not to mention the copyright risks - do we really want a piece of code that can’t be licensed or turns out to be a verbatim copy from another project to end up in the kernel or something? (No, the answer is we don’t want.).
i dont work in then auto industry but Ive read stuff from people that do and Im pretty sure I remember they all say that all major car mfg code is tons of auto generated slop even pre AI.
Readit News
With the advent of LLMs, AI-autocomplete, and agent-based development workflows, my ability to deliver reliable, high-quality code is restored and (arguably) better. Personally, I love the "hallucinations" as they help me fine-tune my prompts, base instructions, and reinforce intentionality; e.g. is that >really< the right solution/suggestion to accept? It's like peer programming without a battle of ego.
When analyzing problems, I think you have to look at both upsides and downsides. Folks have done well to debate the many, many downsides of AI and this tends to dominate the conversation. Probably thats a good thing.
But, on the flip side, I personally advocate hard for AI from the point-of-view on accessibility. I know (more-or-less) exactly what output I'm aiming for and control that obsessively, but it's AI and my voice at the helm instead of my fingertips.
I also think it incorrect to look at it from a perspective of "does the good outweigh the bad?". Relevant, yes, but utilitarian arguments often lead to counter-intuitive results and end up amplifying the problems they seek to solve.
I'd MUCH rather see a holistic embrace and integration of these tools into our ecosystems. Telling people "no AI!" (even if very well defined on what that means) is toothless against people with little regard for making the world (or just one specific repo) a better place.
That doesn't address the controversy because you are a reasonable person assuming that other people using AI are reasonable like you, and know how to use AI correctly.
The rumors we hear have to do with projects inundated with more pull requests that they can review, the pull requests are obviously low quality, and the contributors' motives are selfish. IE, the PRs are to get credit for their Github profile. In this case, the pull requests aren't opened with the same good faith that you're putting into your work.
In general, a good policy towards AI submission really has to primarily address the "good faith" issue; and then explain how much tolerance the project has for vibecoding.
No AI needed. Spam on the internet is a great example of the amount of unreasonable people on the internet. And for this I'll define unreasonable as "committing an action they would not want committed back at them".
AI here is the final nail in the coffin that many sysadmins have been dealing with for decades. And that is that unreasonable actors are a type of asymmetric warfare on the internet, specifically the global internet, because with some of these actors you have zero recourse. AI moved this from moderately drowning in crap to being crushed under an ocean of it.
Going to be interesting to see how human systems deal with this.
"Open source" does not mean "open contribution", i.e. just because the software is open source does not imply that your contribution (or in particular a not-high-effort contribution) is welcome.
A well-known application that is open source in the strictest sense, but not open contribution is SQLite.
There's a way to handle this: put an automatic AI review of every PR from new contributors. Fight fire with fire.
(Actually, this was the solution for spam even before LLMs. See "A plan for SPAM" by Paul Graham. Basically, if you have a cheap but accurate filter (specially, a filter you can train for your own patterns), it should be enabled as a first line of defense. Anything the filter doesn't catch and the user had to manually mark as spam should become data to improve the filter)
Moreover, if the review detects LLM-generated content but the user didn't disclose it, maybe there should be consequences
And the problem is filtering them out. That is real work that can be draining and demoralizing as unreasonable persons usually have their sad story why they are the way they are, but you cannot do therapy or coaching for random strangers while trying to get a project going.
So if people contribute good things, engage with them. If they contribute slob (AI generated or not) - you say no to them.
People who are doing those harmful things with AI aren’t going to stop because of a policy. They are just going to lie and not admit their submissions are AI generated.
At that point, you will still have to review the code and reject it if it is bad quality, just like you had to without an AI policy. The policy doesn’t make it any easier to filter out the bad faith AI submissions.
In fact, if we DO develop an efficient way to weed out the bad faith PRs that lie about using AI, then why do we need the policy at all? Just use that same system to weed out the bad submissions, and just skip the policy completely.
Dead Comment
This is the technique I've picked up and got the most from over the past few months. I don't give it hard, high-level problems and then review a giant set of changes to figure it out. I give it the technical solution I was already going to implement anyway, and then have it generate the code I otherwise would have written.
It cuts back dramatically on the review fatigue because I already know exactly what I'm expecting to see, so my reviews are primarily focused on the deviations from that.
I also use LLM assistance, and I love it because it helps my ADHD brain get stuff done, but I definitely miss stuff that I wouldn’t miss by myself. It’s usually fairly simple mistakes to fix later but I still miss them initially.
I’ve been having luck with LLM reviewers though.
This is how I've found myself to be productive with the tools, or since productivity is hard to measure, at least it's still a fun way to work. I do not need to type everything but I want a very exact outcome nonetheless.
My simple solution: I use Whisper to transcribe my text, and feed the output to an LLM for cleanup (custom prompt). It's fantastic. Way better than stuff like Dragon. Now I get frustrated with transcribing using Google's default mechanism on Android - so inaccurate!
But the ability to take notes, dictate emails, etc using Whisper + LLM is invaluable. I likely would refuse to work for a company that won't let me put IP into an LLM.
Similarly, I take a lot of notes on paper, and would have to type them up. Tedious and painful. I switched to reading my notes aloud and use the above system to transcribe. Still painful. I recently realized Gemini will do a great job just reading my notes. So now I simply convert my notes to a photo and send to Gemini.
I categorize all my expenses. I have receipts from grocery stores where I highlight items into categories. You can imagine it's painful to enter that into a financial SW. I'm going to play with getting Gemini to look at the photo of the receipt and categorize and add up the categories for me.
All of these are cool applications on their own, but when you realize they're also improving your health ... clear win.
FWIW, I have a pet project for a family recipe book. I normalize all recipes to a steps/instructions/ingredients JSON object. A webapp lets me snap photos of my old recipes and AI reliably yields perfectly structured objects back. The only thing I've had to fix is odd punctuation. For production, use is low, so `gemini-2.5-flash` works great and the low rate limits are fine. For development the `gemma-3-27b-it` model has MUCH higher limits and still does suprisingly well.
I'd bet you can pull this off and be very happy with the result.
Honestly, you can probably build what I built entirely with Gemini or Claude, probably with a nice frontend to boot.
I understand that your use case is different, so AI may help handicapped people. Nothing wrong with that.
The problem is that the term AI encompasses many things, and a lot of AI led to quality decay. There is a reason why Microsoft is now called Microslop. Personally I'd much prefer for AI to go away. It won't go away, of course, but I still would like to see it gone, even if I agree that the use case you described is objectively useful and better for you (and others who are handicapped).
> I also think it incorrect to look at it from a perspective of "does the good outweigh the bad?". Relevant, yes, but utilitarian arguments often lead to counter-intuitive results and end up amplifying the problems they seek to solve.
That is the same for every technology though. You always have a trade-off. So I don't think the question is incorrect at all - it applies the same just as it is for any other technology, too. I also disagree that utilitarian arguments by their intrinsic nature lead to counter-intuitive results. Which result would be counter-intuitive when you analyse a technology for its pros and cons?
Because young people repeat things they see on social media?
The accessibility angle is really important here. What we need is a way to stop people who make contributions they don't understand and/or can not vouch they are the author for (the license question is very murky still, and no what the US supreme court said doesn't matter here in EU). This is difficult though.
I agree with you that there's a huge distinction between code that a person understands as thoroughly as if they wrote it, and vibecoded stuff that no person actually understands. but actually doing something practical with that distinction is a difficult problem to solve.
No, it's not that simple. AI generated code isn't owned by anyone, it can't be copyrighted, so it cannot be licensed.
This matters for open source projects that care about licensing. It should also matter for proprietary code bases, as anyone can copy and distribute "their" AI generated code for any purpose, including to compete with the "owner".
we do often choose automation when possible (especially in computer realms), but there are endless examples in programing and other fields of not-so-surprising-in-retrospect failures due to how automation affects human behavior.
so it's clearly not true. what we're debating is the amount of harm, not if there is any.
Think of it like random noise in an image editor: you do own the random pixels since they're generated by the computer, but you can still use them as part of making your art - you do not lose copyright to your art because you used a random noise filter.
These people (myself included) made their work available free of charge under some very friendly conditions such as being credited or sharing work built upon theirs under the same license. Now we are being shit on because obscenely rich people think we are no longer relevant and that they can get away with it.
What happens to you if, say 2 years down the line, "AI" or AI has absorbed all your knowledge and can do all of your work instead of you better and faster? Do you imagine you'll keep paying for AI and having it work for you or can you also imagine a future where AI companies decide to cut out the middle-man (you) and take over your customers directly?
If it makes them go thru AI contributions to make sure there is no AI nonsense in them, that's already massive win.
The AI on itself is not a problem
> But, on the flip side, I personally advocate hard for AI from the point-of-view on accessibility. I know (more-or-less) exactly what output I'm aiming for and control that obsessively, but it's AI and my voice at the helm instead of my fingertips.
and you are the 1% (assuming your claims are true and not hallucinated gains, which are common in AI world too), vast majority of AI contributions are peak lazy, or at best goal-seeking with no regard of the target, consequences or quality
THAT is what people complain about. If AI was just used to shortcut the boring, augument the knowledge and produce better quality code, there would be very little arugments against AI-driven contributions. But that is not the case, the AI pundits will purposefully not check the AI output just because that would require time and knowledge and that looks bad on "how faster AI makes you" KPI
I'm much better now after tons of rehab work (no surgery, thankfully), but I don't have the stamina to type as much as I used to. I was always a heavy IDE user and a very fast coder, but I've moved platforms too many times and lost my muscle memory. A year ago I found the AI tools to be basically time-wasters, but now I can be as productive as before without incurring significant pain.
This reads almost like satire of an AI power user. Why would you like it when an LLM makes things up? Because you get to write more prompts? Wouldn't it be better if it just didn't do that?
It's like saying "I love getting stuck in traffic because I get to drive longer!"
Sorry but that one sentence really stuck out to me
Building up style guidelines for AI tools has been an eye opening experience in realizing how many stylistic choices we make that aren’t embedded in the linter, and aren’t documented anywhere else either. The resulting files have actually been a really good resource not just for the AI but for new developers on the project too.
It all depends on what your specific goal is.
I like it because I have no expectation of perfection-- out of others, myself, and especially not AI. I expect "good enough" and work upwards from there, and with (most) things, I find AI to be better than good enough.
My solution so far is to use my instructions to call out the fact that my comments are transcribed and full of errors. I also focus more on "plan + apply" flows that guide agents to search out and identify code changes before anything is edited to ensure the relevant context (and any tricky references) are clearly established in the chat context.
It's kinda like learning vim (or emacs, if you prefer). First it was all about learning shortcuts and best practices to make efficient use of the tool. Then it was about creating a good .vimrc file to further reduce the overhead of coding sessions. Then it was about distributing that .vimrc across machines (and I did a LOT of ssh-based work) for consistency. Once that was done, it became unimaginable to code any other way.
It has been even more true here: agent-based workflows are useless without significant investment in creating and maintaining good project documentation, agent instructions, and finding ways to replicate that across repos (more microservice hell! :D) for consistency. There is also some conflict, especially in corporate environments, with where this information needs to live to be properly maintained.
Best of luck!
That's like saying I love hiring fuck ups that randomly do out of context and out of ruleset work for me when I ask them to perform tasks.
I would also argue to you that "folks" have done more well to debate the upsides of AI. It is pretty much all I ever see when I come to this website any more the last couple of years. Oh, and by coincidence, the operator/owner of the website just happens to be at the helm of ChatGPT. How convenient.
I think you have a good point
This resonates. Recently, I've started to consider Claude as a partner. I like how he's willing to accept he's wrong when you provide evidence. It can be more pleasant than working with humans.
Sorry, the rest of your comment could have the recipe for fat free deep fried blowjobs that cure cancer and I wouldn't read past that.
I do agree that at large, the theoretical upsides of accessibility are almost certainly completely overshadowed by obvious downsides of AI. At least, for now anyway. Accessibility is a single instance of the general argument that "of course there are major upsides to using AI", and there a good chance the future only gets brighter.
My point, essentially, is that I think this is (yet another) area in life where you can't solve the problem by saying "don't do it", and enforcing it is cost-prohibitive. Saying "no AI!" isn't going to stop PR spam. It's not going to stop slop code. What is it going to stop (see edit)? "Bad" people won't care, and "good" people (who use/depend-on AI) will contribute less.
Thus I think we need to focus on developing robust systems around integrating AI. Certainly I'd love to see people adopt responsible disclosure policies as a starting point.
--
[edit] -- To answer some of my own question, there are obvious legal concerns that frequently come up. I have my opinions, but as in many legal matters, especially around IP, the water is murky and opinions are strongly held at both extremes and all to often having to fight a legal battle at all* is immediately a loss regardless of outcome.
Deleted Comment
I think the ugly unspoken truth whether Mozilla or Debian or someone else, is that there are going to be plausible and valuable use cases and that AI as a paradigm is going to be a hard problem the same way that presiding over, say, a justice system is a hard problem (stay with me). What I mean is it can have a legitimate purpose but be prone to abuse and it's a matter of building in institutional safeguards and winning people's trust while never fully being able to eliminate risk.
It's easy for someone to roll their eyes at the idea that there's utility but accessibility is perfect and clear-eyed use case, that makes it harder to simply default to hedonic skepticism against any and all AI applications. I actually think it could have huge implications for leveling the playing field in the browser wars for my particular pet issue.
Given the liabilities of relying on public and chat users markdown data to sell to other users without compensation raises a number of issues:
1. Copyright: LLM generated content can't be assigned copyright (USA), and thus may contaminate licensing agreements. It is likely public-domain, but also may conflict with GPL/LGPL when stolen IP bleeds through weak obfuscation. The risk has zero precedent cases so far (the Disney case slightly differs), but is likely a legal liability waiting to surface eventually.
2. Workmanship: All software is terrible, but some of it is useful. People that don't care about black-box obfuscated generated content, are also a maintenance and security liability. Seriously, folks should just retire if they can't be arsed to improve readable source tree structure.
3. Repeatability: As the models started consuming other LLM content, the behavioral vectors often also change the content output. Humans know when they don't know something, but an LLM will inject utter random nonsense every time. More importantly, the energy cost to get that error rate lower balloons exponentially.
4. Psychology: People do not think critically when something seems right 80% of the time. The LLM accuracy depends mostly on stealing content, but it stops working when there is nothing left to commit theft of service on. The web is now >53% slop and growing. Only the human user chat data is worth stealing now.
5. Manipulation: The frequency of bad bots AstroTurf forums with poisoned discourse is biasing the delusional. Some react emotionally instead of engaging the community in good faith, or shill hard for their cult of choice.
6. Sustainability: FOSS like all ecosystems is vulnerable to peer review exhaustion like the recent xz CVE fiasco. The LLM hidden hostile agent problem is currently impossible to solve, and thus cannot be trusted in hostile environments.
7. Ethics: Every LLM ruined town economic simulations, nuked humanity 94% of the time in every war game, and encouraged the delusional to kill IRL
While I am all for assistive technologies like better voice recognition, TTS, and individuals computer-user interfaces. Most will draw a line at slop code, and branch to a less chaotic source tree to work on.
I think it is hilarious some LLM proponents immediately assume everyone also has no clue how these models are implemented. =3
"A Day in the Life of an Ensh*ttificator "
https://www.youtube.com/watch?v=T4Upf_B9RLQ
Something might be required now as some people might think that just asking an LLM is "the most he can done", but it's not about using AI it's about being aware and responsible about using it.
But like the XZ attack, we kind of have to assume that advanced perissitant threats are a reality for FOSS too.
I can envisage a Sybil attack where several seemingly disaparate contributors are actually one actor building a backdoor.
Right now we have a disparity in that many contributors can use LLMs but the recieving projects aren't able to review them as effectively with LLMs.
LLM generated content often (perhaps by definition) seems acceptable to LLMs. This is the critical issue.
If we had means of effectively assessing PRs objectively that would make this moot.
I wonder if those is a whole new class of issue. Is judging a PR harder than making one? It seems so right now
Depends on the assumptions. If you assume good intent of the submitter and you spend time to explain what he should improve, why something is not good, etc, than it's a lot of effort. If you assume bad intent, you can just reject with something like "too large review from unproven user, please contribute something smaller first".
Yes, we might need to take things a bit slower, and build relations to the people you collaborate with in order to have some trust (this can also be attacked, but this was already possible).
In my experience (albeit with non-coding questions), ChatGPT 5.2 is often quite eager to critique snippets of its own replies from previous conversations. And reasoning models can definitely find flaws in LLM-written code.
I think that's backwards, at least as far as accepting a PR. Better that all code is reviewed as if it is probably a carefully thought out Trojan horse from a dedicated enemy until proven otherwise.
Quality should always be the responsibility of the person submitting changes. Whether a person used LLMs should not be a large concern if someone is acting in good-faith. If they submitted bad code, having used AI is not a valid excuse.
Policies restricting AI-use might hurt good contributors while bad contributors ignore the restrictions. That said, restrictions for non-quality reasons, like copyright concerns, might still make sense.
The core issue is that it takes a large amount of effort to even assess this, because LLM generated code looks good superficially.
It is said that static FP languages make it hard to implement something if you don't really understand what you are implementing. Dynamically typed languages makes it easier to implement something when you don't fully understand what you are implementing.
LLMs takes this to another level when it enables one to implement something with zero understanding of what they are implementing.
The people following the policies are the most likely to use AI responsibly and not submit low-effort contributions.
I’m more interested in how we might allow people to build trust so that reviewers can positively spend time on their contributions, whilst avoiding wasting reviewers time on drive-by contributors. This seems like a hard problem.
Deleted Comment
Therefore, policies restricting AI-use on the basis of avoiding low-quality contributions are probably hurting more than they’re helping.
Actually not shrink, but just transfer it to reviewers.
Dead Comment
Sure now it is easy, but in 3-10 years AI will get significantly better. It is a lot like the audio quality of an MP3 recording. It is not perfect (lossless audio is better), but for the majority of users it is "good enough".
At a certain point AI generated content, PR's, etc will be good enough for humans to accept it as "human". What happens then, when even the best checks and balances are fooled?
Can you reliably tell that the contributor is truly the author of the patch and that they aren't working for a company that asserts copyright on that code? No, but it's probably still a good idea to have a policy that says "you can't do that", and you should be on the lookout for obvious violations.
It's the same story here. If you do nothing, you invite problems. If you do something, you won't stop every instance, but you're on stronger footing if it ever blows up.
Of course, the next question is whether AI-generated code that matches or surpasses human quality is even a problem. But right now, it's academic: most of the AI submissions received by open source projects are low quality. And if it improves, some projects might still have issues with it on legal (copyright) or ideological grounds, and that's their prerogative.
But the projects aren't drowning under PRs from reputable people. They're drowning in drive-by PRs from people with no reputation to speak of. Even if you outright ban their account, they'll just spin up a new one and try again.
Blocking AI submissions serves as a heuristic to reduce this flood of PRs, because the alternative is to ban submissions from people without reputation, and that'd be very harmful to open source.
And AI cannot be the solution here, because open source projects have no funds. Asking maintainers to fork over $200/month for "AI code reviews" just kills the project.
That's an OK view to hold, but I'll point out two things. First, it's not how the tech is usually wielded to interact with open-source software. Second, your worldview is at odds with the owners of this technology: the main reason why so much money is being poured into AI coding is that it's seen by investors as a replacement for the individual.
This is the basis of the argument - it doesn't matter if you use AI or not, but it does matter if you know what you're doing or not.
AI is predictive at a token level. I think the usefulness and power of this has been nothing short of astonishing; but this token prediction is fundamentally limiting. The difference between human _driven_ vs AI generated code is usually in design. Overly verbose and leaky abstractions, too many small abstractions that don't provide clear value, broad sweeping refactors when smaller more surgical changes would have met the immediate goals, etc. are the hallmarks of AI generated code in my experience. I don't think those will go away until there is another generational leap beyond just token prediction.
That said, I used human "driven" instead of human "written" somewhat intentionally. I think AI in even its current state will become a revolutionary productivity boosting developer aid (it already is to some degree). Not dissimilar to a other development tools like debuggers and linters, but with much broader usefulness and impact. If a human uses AI in creating a PR, is that something to worry about? If a contribution can pass review and related process checks; does it matter how much or how little AI was used in it's creation?
Personally, my answer is no. But there is a vast difference between a human using AI and an AI generated contribution being able to pass as human. I think there will be increasing degrees of the former, but the latter is improbable to impossible without another generational leap in AI research/technology (at least IMO).
---
As a side note, over usage of AI to generate code _is_ a problem I am currently wrangling with. Contributors who are over relying on vibecoding are creating material overhead in code review and maintenance in my current role. It's making maintenance, which was already a long tail cost generally, an acute pain.
If everything the maintainer wants can (hypothetically) be one-shotted, then there is no need to accept PR's at all. Just allow forks in case of open source.
Deleted Comment
Crystal ball or time machine?
Past performance does not guarantee future results, of course. But acting like AI is now magically going to stagnate is also a really bold bet.
The ones that make the headlines here on HN are not subtle at all, they're probably the bottom of the barrel of AI users.
McDonalds cooks ~great~ (edit: fair enough, decent) burgers when measured objectively, but people still go to more niche burger restaurants because they want something different and made with more care.
That's not to say that an human can't use AI with intent, but then AI becomes another tool and not an autonomous code generating agent.
Wait, what? In what world are McDonalds burgers "great"? They're cheap. Maybe even a good value. But that's not the same as great.
If you believe the outputs of LLMs are derivative products of the materials the LLMs were trained on (which is a position I lean towards myself, but I also understand the viewpoint of those who disagree), then no, that's not a good thing, because it would be a license violation to accept those derived products without following the original material's license terms, such as attribution and copyleft terms. You are now party to violating the original materials' copyright by accepting AI generated code. That's ethically dubious, even if those original authors may have a hard time bringing a court case against you.
I think a lot of anti-LLM opinions just come from interacting with the lowest effort LLM slop and someone not realizing that it's really a problem with a low value person behind it.
It's why "no AI allowed" is pointless; high value contributors won't follow it because they know how to use it productively and they know there's no way for you to tell, and low value people never cared about wasting your time with low effort output, so the rule is performative.
e.g. If you tell me AI isn't allowed because it writes bad code, then you're clearly not talking to someone who uses AI to plan, specify, and implement high quality code.
I disagree that the rule is pointless, and your last point is a strawman. AI is disallowed because it’s the manner in which the would-be contributors are attempting to contribute to these projects. It’s a proxy rule.
Unfortunately for AI maximalists, code is more than just letters on the screen. There needs to be human understanding, and if you’re not a core contributor who’s proven you’re willing to stick around when shit hits the fan, a +3000 PR is a liability, not an asset.
Maybe there needs to be something like the MMORPG concept of “Dragon Kill Points (DKP)”, where you’re not entitled to loot (contribution) until you’ve proven that you give a shit.
High-value contributors follow the rules and social mores of the community they are contributing to. If they intentionally deceive others, they are not high-value.
Like its been years and years now, if all this is true, you'd think there would be more of a paradigm shift? I'm happy I guess waiting for Godot like everyone else, but the shadows are getting a little long now, people are starting to just repeat the same things over and over.
Like, I am so tired now, it's causing such messes everywhere. Can all the best things about AI be manifest soon? Is there a timeline?
Like what can I take so that I can see the brave new world just out of reach? Where can I go? If I could just even taste the mindset of the true believer for a moment, I feel like it would be a reprieve.
I know it's a cliche but it's just too perfect to answer this question.
The trick is to define what works - set the bar high enough that you're driving away raw human contributors, annoying high value humans, or arbitrarily barring AI users out of dogma or politics or whatever. A hierarchy of maintainers, with people willing to volunteer to sift through submissions, each handing up a much reduced list to the next level, is probably where big projects will have to go.
At some point it won't matter; while it does, look for enthusiastic volunteers and make good, sensible, functional rules that get the best results.
Deleted Comment
But for software infrastructure; Kernels, operating systems, compilers, browsers, etc, it is crazy we are even considering AI at it's current ability. If we are going to do that, we need to switch to Ada/SPARK or some other type of formally verifiable system.
Maybe I'm overreacting, but all I want to do right now is escape. It horrifies me to think that one day I may be driving a car with a braking system vibe coded in C++.
Great care and attention is required for critical system components and LLMs lack both.
Not to mention the copyright risks - do we really want a piece of code that can’t be licensed or turns out to be a verbatim copy from another project to end up in the kernel or something? (No, the answer is we don’t want.).
What a banger sub-thread: https://lists.debian.org/debian-vote/2026/02/msg00020.html
Basically "let's not screw anyone"
It's a good policy