Hi folks, Handling AI contributions is an area we need to talk more about at some point. Some other ASF projects receive 10 or more AI-generated "security fix" proposals on some days. We certainly aren't impacted by this just yet, but we should prepare in case we see a rise in such PRs.
Also, the ASF has some general advice on generative coding: https://www.apache.org/legal/generative-tooling.html A key part of that advice is that humans need to vouch for what gets submitted/approved. However, we can take steps to ensure future submissions meet minimal requirements if AI is involved somewhere in the process. So, I have put together an initial version of an AGENTS.md file that attempts to capture at least the "comply with ASF licensing part" of the general advice. We should undoubtedly expand the AGENTS.md file, but there is a lot of activity happening within and outside the ASF in this space, so we don't need to rush. Please discuss if you have any thoughts/concerns. Cheers, Paul.
