Debian decides not to decide on AI-generated contributions

Posted by jwilk 6 hours ago

Debian decides not to decide on AI-generated contributions(lwn.net)

200 points | 162 commentspage 2

arjie 2 hours ago|

In some sense, I think the promise of free software is more real today than before because everyone else's software is replicable for relatively cheap. That's probably a much stronger situation for individual freedom to replicate and run code than in the era of us relying on copyright.

jaredcwhite 2 hours ago||

LLM-generated code is incompatible with libre software. It's extremely frustrating to see such a lack of conviction to argue this point forcefully and repeatedly. It's certainly bad enough to see such a widespread embrace of this dangerous and anti-libre technology within proprietary software teams, but when it comes to FLOSS, it should be a no-brainer to formalize an emphatic anti-slop contributor policy.

pessimizer 1 hour ago|

> It's extremely frustrating to see such a lack of conviction to argue this point forcefully and repeatedly.

It is. You haven't argued it at all, right here. You just asserted it as if it were self-evident, talked about your feelings, then demanded policy.

Your only job here was to convince people to align with you, and you didn't bother. It makes me suspect that you haven't really solidified the argument in your own mind.

hombre_fatal 5 hours ago||

Aside, that's a fun read/format, like reading about judges arguing how to interpret a law or debating whether a law is constitutional.

tonymet 2 hours ago||

Given the 10x+ productivity rate, it would be reasonable to establish a higher quality acceptance bar for AI submissions. 50-100% more performance, correctness, usability testing , and one round of human review.

If a change used to take a day or two, and now requires a few minutes, then it's fair to ask for a couple hours more prompting to add the additional tangible tests to compensate for any risks of hallucinations or low quality code sneaking in

MintPaw 3 hours ago||

An interesting concept that stood out to me. Committing the prompts instead of the resulting code only.

It it really true the LLM's are non-deterministic? I thought if you used the exact input and seed with the temperature set to 0 you would get the same output. It would actually be interesting to probe the commit prompts to see how slight variants preformed.

LelouBil 3 hours ago|

> I thought if you used the exact input and seed with the temperature set to 0 you would get the same output.

I think they can also be differences on different hardware, and also usually temperature is set higher than zero because it produces more "useful/interesting" outputs

1vuio0pswjnm7 3 hours ago||

A title that might make Geddy Lee proud

shevy-java 2 hours ago||

Soon we can call it debslop!

theptip 5 hours ago||

> disclosure if "a significant portion of the contribution is taken from a tool without manual modification", and labeling of such contributions with "a clear disclaimer or a machine-readable tag like '[AI-Generated]'.

Quixotic, unworkable, pointless. It’s fundamentally impossible (at least without a level of surveillance that would obviously be unavceptable) to prove the “artisanal hand-crafted human code” label.

> contributors should "fully understand" their submissions and would be accountable for the contributions, "including vouching for the technical merit, security, license compliance, and utility of their submissions".

This is in the right direction.

I think the missing link is around formalizing the reputation system; this exists for senior contributors but the on-ramp for new contributors is currently not working.

Perhaps bots should ruthlessly triage in-vouched submissions until the actor has proven a good-faith ability to deliver meaningful results. (Or the principal has staked / donated real money to the foundation to prove they are serious.)

I think the real problem here is the flood of low-effort slop, not AI tooling itself. In the hands of a responsible contributor LLMs are already providing big wins to many. (See antirez’s posts for example, if you are skeptical.)

hananova 4 hours ago||

> Quixotic, unworkable, pointless. It’s fundamentally impossible (at least without a level of surveillance that would obviously be unavceptable) to prove the “artisanal hand-crafted human code” label.

Difficulty of enforcing is a detail. Since the rule exists, it can be used when detection is done. And importantly it means that ignoring the rule means you’re intentionally defrauding the project.

jruohonen 5 hours ago|||

Debian has always been Debian and thus there are these purist opinions, but perhaps my take too would be something along the "one-strike-and-you-are-out" kind of a policy (i.e., you submit slop without being able to explain your submission in any way) already followed in some projects:

https://news.ycombinator.com/item?id=47109952

theptip 2 hours ago|||

Yeah this is what I was getting at with “reputation” - I think the world where anyone can submit a patch and get human eyes on it is a thing of the past.

IIRC Mitchell Hashimoto recently proposed some system of attestations for OSS contributors. It’s non-obvious how you’d scale this.

bombcar 4 hours ago|||

This is like trying to stop spam by banning emails that send you spam.

They can spin up LLM-backed contributors faster than you can ban them.

jruohonen 4 hours ago|||

If the situation becomes that worse, I agree with you; otherwise, I don't see that as a problem.

ApolloFortyNine 3 hours ago|||

Banning AI would hardly stop that, the LLM contributors would simply claim they're not AI.

Hence why banning AI contributions is meaningless, you literally only punish 'good' actors.

techwizrd 5 hours ago||

I agree. If the real concern is the flood of low-effort slop, unmaintainable patches, accidental code reuse, or licensing violations, then the process should target those directly. The useful work is improving review and triage so those problems get filtered out early. The genie is already out of the bottle with AI tooling, so broad “no AI” rules feel like a reaction to the tool and do not seem especially useful or enforceable.

aplomb1026 3 hours ago|

[dead]

More comments...