On Fri, Jul 18, 2025 at 12:56:55PM +0200, Florian Weimer wrote:
> * Daniel P. Berrangé:

[...]

> You don't know that if you are reviewing an unsolicited contribution, or
> a contribution not directly targeted at Fedora.  You don't set the rules
> for those.
> 
> > IMHO that is materially different, because the former is only a problem
> > for the small subset of untrustworthy developers who deliberately ignore
> > their obligations, while the latter problem can unwittingly affect any
> > developer who uses the tools no matter how diligen tthey are.
> 
> I disagree.  Today, we only have approval of licenses, not approval of
> content.  Maintainers are not required to check that content they import
> from upstream or other upstream-associated sources (such as a patch
> posted on an upstream mailing list) is actually covered by the declared
> license or the license implied by association with the specific upstream
> project.

As this discussion shows, there are still many open questions here.

One of the guidelines I heard for evaluating LLM-generated code is,
asking yourself: "is it misleading?"  I know it's a loaded question that
needs unpacking.  Take the case where the code is entirely generated by
an LLM.  Now, putting the human who wrote the prompt as an "author" is
ethically wrong and misleading.  Same goes for using some kind of
restrictive license on that code — on what basis should this be decided,
if any at all?  (I'm not asking for an answer here.)

Some "common sense guidelines" that Fedora could explicitly spell out:

  - Do your best to not mix up man and machine.  If you're not sure,
    delcare precisely what you did when submitting code authored by
    LLMs or LRMs.

  - Make sure you understand the LLM-generated code you're submitting.
    Meaning, don't put the "burden of untangling" what is human and
    machine from what you submitted on reviewers / maintainers.  

  - As Richard Fontana noted in this thread, consistently "mark" the AI
    content using explicit tags such as:
    
        "Assisted-by:" or "Generated-by:", or "Co-authored-by:", etc

    The human should go further and spell out what is human-authored vs.
    machine-authored, or what was the extent of your own editing or
    modification.  Plainly and clearly explain the truth in Git commit
    messages, source file comments, etc.

-- 
Kashyap Chamarthy / Red Hat / RISC-V and Fedora

-- 
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to