On Tue, 09 Jun 2026 13:52:56 +0200 Gabriel Wicki <[email protected]> wrote:
> So, asking an LLM for input on what is wrong with a package (IIRC > Hugo's example) without any code output from the genAI machine is > ok—legally? Note that in FLOSS projects, the main concern is most of the times the legal risk for the project, not the risks for individual contributors. So for instance if the LLM model violates copyright and so on, the question most people are interested in is if a contribution is made thanks to an information reported by an LLM, if it is a risk big enough for Guix to care about. And in GNU we got no information about that, and you can ask many people and most of them will tell you that the risk is very low or non-existent. So I assume that it's safe enough else we would probably also have had warnings about such usage. And here I assume that there is some logic that I don't know that shields the contribution from an illegal model. We also have a situation that seems similar with leaked chip documentation that is public (so in cases where trade secrets law don't apply), and in these cases, copyright law still apply to the leaked documentation. Though the legal logic behind could be different. As far as I understand if people use leaked documentation that isn't trade secrets anymore, it just put the people at risk, not the FLOSS project, which is what projects really care about. Though when leaked documentation is public, you can also protect yourself by looking at what people write about the documentation instead (so forum posts, presentations, etc). And that's what I did when I worked on Replicant. But that's up to you to decide what legal risks you are willing to take. We can't decide for you. Personally I also went on the safe side for Replicant because I assumed that not everybody was necessarily comfortable with violating copyright laws, and so by leading by example, I could allow more people to contribute. Denis.
pgpNRINvbhOyF.pgp
Description: OpenPGP digital signature
