Hi, I agree AI is making the plugin's ecosystem being boosted, with all
the good and bad sides you mentioned.
I like the idea of a field in metadata.txt for a spontaneous disclosure.
From what we see on PR's or security disclosures is that some AI users
are reluctant to reveal they worked with AI. And probably, many dev's
will use a bit of AI autocompletion most of the time.
It takes some rounds of discussions to spot that they don't fully
understand the code they produced, which is the famous AI slop.
So in my opinion, we should be able to use a `ai_possible_derivative`
flag as moderators, from the plugin's catalog. Maybe it is time to set
up a full community discussion and voting system, just as internet
browsers do for plugins.
One should be able to signal a malicious, or badly coded plugin
triggering crashes. And moderators should be able to ban / alert / flag
plugins beyond the volontary metadata.txt tooling. And maybe we would
have to add automated scanners for security security, code smells, and
now AI smells..
Maybe Lova could tell us about ho this is doable, and if we have the
resources to do this this year.
Cheers
Régis
On 2/9/26 14:36, Admire Nyakudya via QGIS-Developer wrote:
Dear All
The rapid proliferation of AI tools has led to a noticeable increase
in QGIS plugins being created and uploaded to the registry.
The bonus points for these new plugin are:
* functionality gaps are being filled faster
* workflows are consolidated
* innovation is happening at pace.
However, it also introduces new challenges for the QGIS plugin
ecosystem, particularly around trust, review, and governance.
While responsibility ultimately lies with end users to decide which
plugins they trust, the growing use of AI-assisted or AI-generated
code raises additional concerns beyond those already discussed in
recent QGIS pull requests/code base related to AI usage.
The plugin approval process relies heavily on volunteer effort and
with the many plugins being uploaded we have to rely heavily on
authors to submit high-quality, secure, and maintainable code.
The plugin review process is not focused on code review but does so in
limited circumstances. End users rely on author reputation, plugin
ratings— as indicators to trust the plugin quality and usefulness.
To improve transparency and support informed decision-making, it may
be worth introducing an optional metadata flag in *metadata.txt*, for
example:
*ai_derivative = yes*
All existing plugins could default to no, with the flag applied to new
or updated plugins going forward. This would not act as a quality
judgement, but rather as a disclosure mechanism, allowing users to
filter plugins and assess trust based on their own criteria, alongside
authorship and plugin rating.
Regards
Admire (Active plugin reviewer)
--
Email Signature
GIS Engineer
Location: Geolocate me here <https://w3w.co/amused.thunder.wins>
Phone: +27639664031 <tel:+27639664031>
Email: [email protected]
Social Media:
* LinkedIn <https://www.linkedin.com/in/mazano-gis-geek>
* GitHub <https://github.com/NyakudyaA>
_______________________________________________
QGIS-Developer mailing list
[email protected]
List info:https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe:https://lists.osgeo.org/mailman/listinfo/qgis-developer
_______________________________________________
QGIS-Developer mailing list
[email protected]
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
