Hi,
On 3/3/26 10:40 PM, Lucas Nussbaum wrote:
C. What should we done about contributions to Debian directly (not
upstream projects) that were AI-generated or written with
AI-assistance.
My GR draft focused on (C.) because that's what was attacked.
That is also the only thing we have direct influence on. Our influence
on upstreams is limited to being a good example, and the nuclear option
of not packaging something and explaining why.
The key problem with any AI use is that it requires human oversight,
from someone who would not only be qualified to perform the task
unassisted, but also to evaluate the quality of the solution on top of
that, repeatedly, or we get vibe-coded slop.
I fully understand that the proponents of AI use firmly believe (some of
them rightfully) that they are indeed qualified, and that any
restriction on their "tool use" is therefore overly limiting.
But: we certainly cannot say the same for everyone who wants to
contribute, so we need either
1. a stronger vetting process before giving people upload permission, or
2. a review process by which any contribution must be approved by other
developers.
The first option makes it more difficult to enter the project as a full
member, and the second creates extra work that offsets any efficiency
gains, at least until people start forming circles of mutual approval.
That's my point: *if* we want to use AI for anything, we need to create
the necessary structures and policy in the project to do so without
compromising quality and erecting additional roadblocks for contributors.
"I can use this technology in a responsible way, so it needs to be
allowed" is not a policy, and neither are "you can't stop me anyway!" or
"any attempt to create policy will lead to [absurd outcome]."
Also, I believe we need to create proactive, not reactive policy,
because we have a very limited set of reactions to bad uploads, all of
them heavy-handed. I am fairly sure not even the proponents of AI use
would be happy with a policy of "AI use is allowed, but if you make a
bad upload as a result of not doing a thorough review, we nuke your
upload permissions and make you go through a tasks&skills check again",
but I see very few options here.
Simon
