On Fri, Jul 18, 2025 at 12:56:55PM +0200, Florian Weimer wrote: > * Daniel P. Berrangé:
[...] > You don't know that if you are reviewing an unsolicited contribution, or > a contribution not directly targeted at Fedora. You don't set the rules > for those. > > > IMHO that is materially different, because the former is only a problem > > for the small subset of untrustworthy developers who deliberately ignore > > their obligations, while the latter problem can unwittingly affect any > > developer who uses the tools no matter how diligen tthey are. > > I disagree. Today, we only have approval of licenses, not approval of > content. Maintainers are not required to check that content they import > from upstream or other upstream-associated sources (such as a patch > posted on an upstream mailing list) is actually covered by the declared > license or the license implied by association with the specific upstream > project. As this discussion shows, there are still many open questions here. One of the guidelines I heard for evaluating LLM-generated code is, asking yourself: "is it misleading?" I know it's a loaded question that needs unpacking. Take the case where the code is entirely generated by an LLM. Now, putting the human who wrote the prompt as an "author" is ethically wrong and misleading. Same goes for using some kind of restrictive license on that code — on what basis should this be decided, if any at all? (I'm not asking for an answer here.) Some "common sense guidelines" that Fedora could explicitly spell out: - Do your best to not mix up man and machine. If you're not sure, delcare precisely what you did when submitting code authored by LLMs or LRMs. - Make sure you understand the LLM-generated code you're submitting. Meaning, don't put the "burden of untangling" what is human and machine from what you submitted on reviewers / maintainers. - As Richard Fontana noted in this thread, consistently "mark" the AI content using explicit tags such as: "Assisted-by:" or "Generated-by:", or "Co-authored-by:", etc The human should go further and spell out what is human-authored vs. machine-authored, or what was the extent of your own editing or modification. Plainly and clearly explain the truth in Git commit messages, source file comments, etc. -- Kashyap Chamarthy / Red Hat / RISC-V and Fedora -- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue