I've been using AI to contribute to LLVM, which has a liberal policy.

The code is of terrible quality and I am at 100+ comments on my latest PR.

That being said, my latest PR is my second-ever to LLVM and is an entire linter check. I am learning far more about compilers at a much faster pace than if I took the "normal route" of tiny bugfixes.

I also try to do review passes on my own code before asking for code review to show I care about quality.

LLMs increase review burden a ton but I would say it can be a fair tradeoff, because I'm learning quicker and can contribute at a level I otherwise couldn't. I feel like I will become a net-positive to the project much earlier than I otherwise would have.

edit: the PR in question. Unfortunately I've been on vacation and haven't touched it recently.

https://github.com/llvm/llvm-project/pull/146970

It's a community's decision whether to accept this tradeoff & I won't submit AI generated code if your project refuses it. I also believe that we can mitigate this tradeoff with strong social norms that a developer is responsible for understanding and explaining their AI-generated code.

There are a number of other issues such the ethical and environmental ones. However, this one in isolation...

    Popular LLMs are really great at 
    generating plausibly looking, but meaningless 
    content. They are capable of providing good 
    assistance if you are careful enough

Humans are capable of generating extremely poor code. Improperly supervised LLMs are capable of generating extremely poor code.

How is this is an LLM-specific problem?

I believe part of (or perhaps the entire) the argument here is that LLMs certainly enable more unqualified contributors to generate larger quantities of low-quality code than they would have been able to otherwise. Which... is true.

But still I'm not sure that LLMs are the problem here? Nobody should be submitting unexpected, large, hard-to-review quantities of code in the first place, LLM-aided or otherwise. It seems to me that LLMs are, at worst, exposing an existing flaw in the governance process of certain projects?

LLMs trained on open source make the common mistakes that humans make.

[flagged]

How is it telling at all?

It’s just what every other tech bro on here wants to believe, that using LLM code is somehow less pure than using free-range-organic human written code.

I think it's a discouragement more than an enforcement --- a "we will know if you submit AI-generated code, so don't bother trying." Maybe those who do know how to use LLMs really well can submit code that they fully understand and can explain the reasoning of, in which case the point is moot.

> I can't help but wonder how these policies would be enforced

One of the parties that decided on Gentoo's policy effectively said the same thing. If I get what you're really asking... the reality is, there's no way for them to know if a LLM tool was used internally, it's honor system. But I mean enforcement is just ban the contributor if they become a problem. They've banned or otherwise restricted other ones for being disruptive or spamming low quality contributions in the past.

It's worded the way it is because most of the parties understand this isn't going away and might get revisited eventually. At least one of them hardline opposes LLM contributions in any form and probably won't change their mind.

If nothing else, it gives maintainers a sign to point to when closing PRs with prejudice, and that's not nothing. Bad faith contributors will still likely complain when their PRs are closed, and having an obviously applicable policy to cite makes it harder for them to keep complaining without getting banned outright.

You just stop accepting contributions from them?

There is nothing inherently different about these policies that make them more or less difficult to enforce than other kinds of polices.

You enforce them by pointing out the policy and closing the issue/patch request whenever you're concerned about the quality of the submission.

If it turns out to be incorrectly called out, well that sucks, but I submit that patches have been refused before LLMs came to be.

Sometimes PR contains objective evidence, such as LLM responses left in comments, or even something like " Generated with [Claude Code](https://claude.ai/code)" in commit message (notable example: https://github.com/OpenCut-app/OpenCut/pull/479/commits).

You cannot prevent cheating with other policies like the Developer Certificate of Origin either. Yet no one brought up the potential cheating at the time these policies were discussed.

Several projects have rejected "AI" policies using your argument even though those projects themselves have contributor agreements or similar.

This inconsistency makes it likely that the cheating argument, when only used for "AI" contributions, is a pretext and these projects are forced to use or promote "AI" for a number of reasons.

It's often quite easy to distinguish LLM-generated low-effort slop and it's far easier to point to the established policy than to explain why the PR is a complete garbage. On Github it's even easier to detect by inspecting the author's contribution history (and if it's private it's an automatic red flag).

Of course, if someone has used LLM during development as a helper tool and done the necessary work of properly reviewing and fixing the generated code, then it can be borderline impossible to detect, but such PRs are much less problematic.

If someone uses an LLM to help them write good code that is indistinguishable from human written code, you are right, it's not enforceable. And that's what most people that are using LLMs should be doing. Unfortunately sometimes it is possible to tell the difference between human and LLM generated code (slop). Policies like this just make it clear and easy to outright reject them.

We do tell bullies not to bully, and then hopefully when they are caught, they are punished. It’s not a perfect system, but better than just ignoring bullying happens.

https://xkcd.com/810/

To me the point is that I want to see effort from a person asking me to review their PR. If it's obvious LLM generated bullshit, I outright ignore it. If they put in the time and effort to mold the LLM output so that it's high quality and they actually understand what they're putting in the PR (meaning they probably replace 99% of the output), then good, that's the point

What happened to curl? The comment is referring to how the curl project is being overwhelmed by low-quality bug/vulnerability reports generated (or partially generated) by AI (“AI slop”), so much so that curl maintainers are now banning reporters who submit such reports and demanding disclosure, because these sloppy reports cost a lot of time and drain the team.

[generated by ChatGPT] Source: https://news.ycombinator.com/item?id=45217858

At least when I used Gentoo, the point of compiling from source was more about customization than security. I remember having to set so many different options. It was quite granular. Now I just compile certain things from scratch and modify them as needed rather than having an entire system like Gentoo do that, but I do see the appeal to some people.

> I’ve not had time to compile everything from source,

Then use the official binary packages?

> and compiling from source is a false sense of security, since you still don’t know what’s been compromised (it could be the compiler, etc.), and few have the time or expertise to adequately review all of the code.

That would still leave you in a strictly better position, surely? Any other distro would pull the same code and build with compilers, so that attack surface exists regardless.

Granted, I wasn’t into Arch at the time, but in the mid-aughts, Gentoo’s forums were a massively useful resource for Linux knowledge in general. That’s why I used it, anyway. The joy of getting an obscure sound card (Chaintech AV-710) to work in Linux, and sharing that knowledge with others, was enough.

I use it on some systems so strong that most emerges hardly take much longer than a binary package install. It's pretty nice there.

> and if this was a bad call they’ll revisit it.

how would they know? - this is (one of) the ways for people to let them know

Not speaking for everyone but to me the problem is the normalization of bad behavior.

Some people in this thread are already interpreting that policies that allow contributions of AI-generated code means it's OK to not understand the code they write and can offload that work to the reviewers.

If you have ever had to review code that an author doesn't understand or written code that you don't understand for others to review, you should know how bad it is even without an LLM.

> Why do you care? Their sandbox their rules...

* What if it's a piece of software or dependency that I use and support? That affects me.

* What if I have to work with these people in these community? That affects me.

* What if I happen to have to mentor new software engineers who were conditioned to think that bad practices are OK? That affects me.

Things are usually less sandboxed than you think.

>Why do you care? Their sandbox their rules, and if you care because you want to contribute you’re still free to do so. Unless you’re an LLM I guess, but the rest of us should have no problem.

Exactly this. It's their decision to make; their consequences as well.

Then again I would have bet $1000 that gentoo disappeared 15 years ago. Probably around 2009? I legitimately havent even heard about them since at least that long.

So rejecting contributions from who might even still be around seems like a bad decision.

I like the idea of Gentoo, and I've considered switching back to it. I won't now, as I don't see a future for it if this is the attitude they take towards new technologies.

[dead]

That ignores two out of the three reasons they gave for this decision

Interestingly --- while I doubt it would make a difference to the decision Gentoo in particular would make --- the cost/benefit of LLMs for coding changed sharply just a month or two after this, when the first iteration of foundation models tuned for effective agents came out. People forget that effective coding agents are just a couple minutes old; the first research preview release of Claude Code was this past February.

Important point. A lot has changed in coding AIs since then.

> AI being trained on copyrighted data is considered fair use because it transforms the underlying data rather than distribute it as is.

It's not a binary. Sometimes it fully reproduces works in violation of copyright and other times it modifies it just enough to avoid claims against it's output. Using AI and just _assuming_ it would never lead you to a copyright violation is foolish.

> uses same energy as more than 100 GPT questions.

Are you including training costs or just query costs?

> But the reasoning is motivated from a wrong place.

That does not matter. What matters is if the outcome is improved in the way they predict. This is actually measurable.

The idea that models are transformative is debatable. Works with copyright are the thing that imbues the model with value. If that statement isn’t true, then they can just exclude those works and nothing is lost, right?

Also, half the problem isn’t distribution, it’s how those works were acquired. Even if you suppose models 44are transformative, you can’t just download stuff from piratebay. Buy copies, scan them, rip them, etc.

It’s super not cool that billion dollar vc companies can just do that.

I don't get this idea. Transformative works don't automatically equal fair use - copyright covers all kind of transformative works.

> AI doesn't use any more water or energy than any other tool. An hour of Netflix uses same energy as more than 100 GPT questions. A single 10 hour flight (per person*) emits as much as around 100k GPT prompts. It is strange that one would repeat the same nonsense about AI without primary motive being ideological.

We should stop doing those things too. I'm still surprised that so many people are flying.

That's quite a strawman definition of "copyright infringement" especially given the ongoing Anthropic lawsuit

It's not a question of if feeding all the worlds books into a blender and eating the resulting slurry paste is copyright infringement. It's that they stole the books in the first place by getting them from piracy websites

If they'd purchased every book ever written, scanned them in and fed that into the model? That would be perfectly legal

> Highly disingenuous. First, AI being trained on copyrighted data is considered fair use because it transforms the underlying data rather than distribute it as is.

Your legal argument aside, they downloaded torrents and trained their AI on them. You can't get much more blatant than that.

I get why water use is the sort of nonsense that spreads around mainstream social media, but it baffles me how a whole council of nerds would pass a vote on a policy that includes that line.

>> Commercial AI projects are frequently indulging in blatant copyright violations to train their models. > I thought we (FOSS) were anti copyright?

Absolutely not! Every major FOSS license has copyright as its enforcement method -- "if you don't do X (share code with customers, etc depending on license) you lose the right to copy the code"

> I thought we (FOSS) were anti copyright?

For Free Software, copyright creates the ability to use licenses (like the GPL) to ensure source code availability.

>> Commercial AI projects are frequently indulging in blatant copyright violations to train their models.

> I thought we (FOSS) were anti copyright?

No free and open source software (FOSS) distribution model is "anti-copyright." Quite to the contrary, FOSS licenses are well defined[0] and either address copyright directly or rely on copyright being retained by the original author.

0 - https://opensource.org/licenses

>I thought we (FOSS) were anti copyright?

FOSS still has to exist within the rules of the system the planet operates under. You can't just say "I downloaded that movie, but I'm a Linux user so I don't believe in copyright" and get away with it

>the overall energy and water usage of AI contributed to by the actual individual use of AI to, for instance, generate a PR, is completely negligible on the scale of tech products.

[citation needed]

>Is this talking about automation? You know what else automated employees and can often reduce service quality? Software.

Disingenuous strawman. Tech CEO's and the like have been exuberant at the idea that "AI" will replace human labor. The entire end-goal of companies like OpenAI is to create a "super-intelligence" that will then generate a return. By definition the AI would be performing labor (services) for capital, outcompeting humans to do so. Unless OpenAI wants it to just hack every bank account on Earth and transfer it all to them instead? Or something equally farcical

>So did email.

"We should improve society somewhat"

"Ah, but you participate in society! Curious!"

The code is only a projection of someone's mental model, which is what actually allows the project to succeed, especially in the long term.

That's why codebases die when they lose maintainers and forks often don't make it past the first few months.

LLM-generated code might work, but it's not backed by anyone's mental model. And the industry has had a long running term for code which is there but no-one understands it nor the reason behind it: legacy code.

Because the quality of the code matters more than the raw quantity.

Having code that compiles and runs is the bare minimum - we should (and do) hold ourselves to a higher standard of professionalism.

Putting together and maintaining a GNU/Linux distribution and maintaining it for 23 years requires a bit more than "works for me and is useful".

The linked API policy lists specific concerns in 3 categories: copyright, quality, ethical. Which one do you not understand?

LLMs give idiots the power to effectively DDoS repos with useless slop PRs that they have to expend the time and effort to triage and ignore. Like the curl maintainers have said, the review burden of looking at mountains of AI-generated crap is horrifically time consuming.

Or because this is a policy by and for human adults who all understand what we're talking about you just don't accept contributions from anyone obviously rule-lawyering in bad faith.

This isn't a court system, anyone intentionally trying to test the boundaries probably isn't someone you want to bother with in the first place.

> It doesn't define what AI is

this is a bad faith comment.