On 17/05/2025 01:40, Christoph Cullmann wrote:
Hi,
just as a concrete example: what to do with
https://invent.kde.org/frameworks/syntax-highlighting/-/merge_requests/698
That is no AI spam but something that doesn't look broken and the submitter did
do manual work.
Can I now accept that just as MIT?
Greetings
Christoph
If the contributor cannot tell you the license(s) of the code that was
used to generate the code, then it's literally gambling that this code
wasn't taken from another project by Gemini and used without their
permission or used in a way that violates the license and opens up the
KDE e.V. to litigation.
This is an absolutely possible scenario if the author happens to look
around for their code being re-used. KDE e.V. CAN NOT accept AI
contributions because the source of the code isn't known.
It really scares me that we would even consider accepting this. I fully
understand that it is impossible to tell if a user is lying about
generating code with an AI, but we have to at least remove the KDE e.V.
from possible harm by rejecting code unless it is sourced from a license
and privacy respecting model. Which I'm sure there are very few of and
the ones that exist would have very little code as every single piece of
code would have to be audited by the owner of the model to ensure that
it can be distributed and used in their software, and that the owners
accepts this.
Of course, this still all boils down to trusting contributors. They can
get code from anywhere and claim at as their own. AI just makes it much
easier for them to do it.
Justin
