Hello,
On 07/02/2026 00:30, Even Rouault wrote:
Thanks for your feedback. Yes copyright / IP issues are a tricky problem to deal with and you make good points on how things could go wrong. That said, in practice I believe most generated code would be mostly derived from QGIS itself, QT code or doc or be non-copyrightable material. I can
I seriously doubt that, given the amount of copyrighted material that has
already been used to train LLMs. And most important, we have no way to know
that, except if the LLM companies get subpoenaed and disclose hidden practices
when asked in court.
Believing is not enough when talking about legal stuff.
imagine though that contributions including non-trivial algorithms could possibly be infringing copyright. In that situation, the reviewers could ask the
Even simpler code can be plagiarized, not only non-trivial algorithms.
submitter to bring more light on the provenance of such code (the contributor
may ask the LLM to dig for references for the provenance and check they are OK
with GPL2 inclusion, being aware that the LLM could hallucinate them...), and
if no satisfactory answer is given, reject the contribution. But that can be
admitedly hard to spot for reviewers. I'd be happy to amend the QEP with that
if someone can propose an adequate formulation.
Again, a reviewer has no way to know or imagine that a code has been
plagiarized : you would have to be aware of the full training dataset of the
LLM, and this is 1. behind closed fences 2. not humanly possible.
I've doubts a "no AI" policy is achievable in practice, or people will lie. As you
mention, we can require people to mention the tool they have used, possibly the prompt(s) they use,
which manual modifications they applied on top of that. Doesn't the paragraph starting at line 35
(https://github.com/qgis/QGIS-Enhancement-Proposals/pull/363/changes#diff-4f4102e51f04fdfc82e843c6942abe9965c03ac85a92e9becf21bcca8b5571adR35)
cover enough your point about "have a mandatory mention and description of LLM usage for each
contribution" ?
Lying about not using AI is just like lying about being sure one has the right
to contribute the code ( see contributor's agreement ) : if this is a rule, we
ask people and they lie, then we should also have sanctions and be strict about
it.
For me, full transparency about usage of a blackbox **for code generation** is
not enough as a protection against legal matters. For anything else that can be
AI-aided, this is more about resiliency, transparency and trust, and we should
make it clear that explaining exactly how AI has been used is mandatory and
should be given along every contribution.
The main driver for this QEP was to give us a tool to be able to quickly reject
sloppy contributions with a solid reference to back our decisions, but we must
indeed decide whether we go further than this.
I guess there is matter to debate and a lot of uncertainty. Hence the
conservative approach, to avoid the worst and maybe open it later on whenever
we see the situation clearer.
For that purpose, I've created a quick poll at
https://docs.google.com/forms/d/e/1FAIpQLSdnVWoD5DrwCbNXqPqHsLw2jfbLkPMKBkvfyQfTQOPZkj_EaQ/viewform
so we can gather opinions on the general direction we want on that subject.
All, please fill!
Ok to gather more advice, thanks for running the poll,
Vincent
Even
Le 06/02/2026 à 18:01, Vincent Picavet via QGIS-Developer a écrit :
Hi,
I would double-down on Greg Troxel's advice concerning copyright issues,
especially concerning the introduction of LLM-generated code into QGIS codebase.
Opensource's success is based on these main characteristics : quality,
security, trust.
AI contributions pose a threat to quality, security and trust alike.
A human-in-the-loop policy for contributions written with AI may help for
quality and security issues, but will still leaves a huge problem for trust.
Among the various aspects of trust, what worries me most right now is the
copyright issue. OpenSource software is based on intellectual property laws,
and especially on copyright, to be able to derive copyleft and grant more
rights to end-users.
End-user trust opensource software from a legal point of view because :
- they are backed by well-established copyright laws
- they have clear and well established end-users contracts ( opensource
licences )
- they have a full record of modifications of the source code, hence a full
lineage and certification of IP rights for the code
- also, foundations like OSGeo additionnaly put a stamp on the software to
guarantee that process and initial IP can be trusted enough to have a legal
insurance concerning the software
Introducing IA black boxes into the development process breaks the ability to
control the lineage of the code and guarantee that it is a genuine invention,
and therefore allowed to be licenced under the GPL.
For quality and security, a developer can always intrinsically assess that the
generated code has the required level of quality, and that it does not include
any security flaw.
But **there is no way for a developer to evaluate the IP rights on a code
generated by a LLM**. How would one do it, since the code has been generated
through a total opaque black box ingesting non-identified enormous volumes of
data ?
Today, we definitely know that LLMs ( ChatGPT, Claude and others ) have been
trained on illegal copyrighted material. It is proven that they trained LLMs on
pirated books. Furthermore, every time someone complaints about IP violation by
LLM, big corps settle a financial arrangement with the copyright owners and
move on.
There is therefore no doubt that they have also trained LLMs on proprietary
code. And also on opensource code not compliant with GPLv2+.
Big corp. currently hide behind a "fair use" argument, but this is clearly
rubbish, otherwise why would they bother to settle large financial deals with copyright
owners ?
So, LLM-generated code contributed to QGIS will at some point be plagiarized
from random code available on the internet, and neither QGIS.org nor the
contributor will be able to know.
If we start accepting such code without being able to check provenance or
copyright issues, it will end up buried deep inside QGIS, and the day we will
discover that it infringes copyright, it will be a nightmare to solve : in this
case we will want to revert all incriminated code, and also all code depending
on the plagiarized code **and have it rewritten from scratch by someone who has
never read the plagiarized code** ( ref : SCO/UNIX for example ). This is
almost impossible.
This would be a nightmare, just for one identified contribution.
Even more, if/when the fair-use principle of LLMs falls down, then all
LLM-generated code should be removed from QGIS, and all code depending on it.
This is a really high risk with high impact.
You may say : "ok but everyone does it, the chances of being caught are low, why not
benefit from the opportunity ?"
Then what about "everyone copies GPL code into proprietary code, the chances of
being caught are low, why not benefit from the opportunity ?"
Copyright is at the foundation of OpenSource software, and especially GPL-based
software. If we choose to deny it, then we loose our core principle.
In the text Even propose, there is a copyright section, pushing the
responsibility of IP compliance control back to the contributor. It may protect
QGIS.org or other developers from being sued whenever there is a problem, or
they could sue back the faulty contributor, but this is not enough :
- the faulty contributor has no way to ensure his generated code has no IP
issue ( other than NOT using LLMs ) : responsibility without any mean of action
is not fair and sustainable
- even if the QGIS projet can avoid being convicted by transferring
responsibility, then the situation would still be open and be a nightmare :
removing plagiarized code entangled down the core of the software and all its
dependency code, and rewrite it without IP issue is really hard
Therefore, I do not think this mention is enough for IP protection.
This rationale concerns the generated code itself, contributed to QGIS or other
software in the ecosystem. LLMs may be useful and without IP risks to help find
bugs, write parts of documentations where there is no risk of plagiarism, or
other use cases.
But I would definitely **forbid any generated code to be introduced into the
main source code because of IP risk**.
Also, the least we can do for any contribution, is not only to have a human in
the loop, but also to have a mandatory mention and description of LLM usage for
each contribution. This would at least give traceability. It does not solve
anything, but in case of a problem, we could at least start to investigate.
A am glad this conversation takes place, and willing to pursue the discussion,
sorry for having been long.
Have a nice weekend,
Vincent
On 31/01/2026 01:01, Greg Troxel via QGIS-Developer wrote:
I would suggest a much stronger policy:
no LLM-generated code or discussion may be submitted to any QGIS forum
The idea that LLM-generated code has been "reviewed" intends to be that
it is of high enough quality that it is reasonable for *humans* to spend
time reviewing it. But I don't believe that asking that it be reviewed
will achieve that in practice.
I've already had the experience (in a different project) of seeing a
posted PR(ish, patch on list), taking the time to comment, and getting
LLM-generated (vacuous) replies to my comments.
Besides the ethical problems with asking humans to review, improve,
judge or in any other way pay attention to LLM output, there's the
problem of copyright. While machine-generated text isn't copyrightable
as is, LLM output is a derived work of stolen human work, scraped
and used without permission, often as DDOS.
On the basis of each reason, I believe the policy about LLM should just
be "no".
_______________________________________________
QGIS-Developer mailing list
[email protected]
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
_______________________________________________
QGIS-Developer mailing list
[email protected]
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
_______________________________________________
QGIS-Developer mailing list
[email protected]
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
