Hi Elliotte, In the PLC4X project, we’re also discussing this topic. One problem that I see, is that by merging the PR of a LLM (Or generally whoever) it might be, that this allows the user submitting it to execute GitHub Action builds on its own. There seem to be several settings that an organization can have. If it’s not the strictest of them all, I would be careful to merge obviously LLM crafted PRs.
Unfortunately, I have no way to check which settings Apache has set. If It’s 3 (which means every PR from an external contributor needs approval by a member of the project), then it doesn’t really matter. Just wanted to leave that angle here … Chris Von: Elliotte Rusty Harold <[email protected]> Datum: Donnerstag, 9. Oktober 2025 um 14:02 An: Maven Developers List <[email protected]> Betreff: LLMs writing code for the Maven codebase Something folks might want to discuss: https://github.com/apache/maven-resolver/pull/1623 looks like a good PR from a new contributor that addresses a minor outstanding issue. The CI is failing right now, but it might be flaky and presumably whatever the problem is there will eventually be fixed. What's worthy of note is that this PR seems very likely to have been created by an LLM. This is going to happen more often going forward. This is the official Apache policy on using LLMs in Apache projects: https://www.apache.org/legal/generative-tooling.html The PR currently violates the policy in a small way. Specifically, it does not identify the LLM or prompt used. I've asked for clarification in the review. Beyond that I don't see any particular problems with this PR, and am inclined to merge it once the issues are addressed. However, people might have other thoughts about using LLMs for Maven that haven't occurred to me yet. If so, it's time to raise them. -- Elliotte Rusty Harold [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
