On Thu, Apr 2, 2026, at 09:14, George Rosamond wrote: > I want to initiate a thread on the "BSDs and AI today." > > A few things first. > > There are many levels to this discussion, and for the sake of clarity > and sanity, please top posting. All replies should be inline. > > This is useful: > https://subspace.kernel.org/etiquette.html#do-not-top-post-when-replying > > I'm looking to do a presentation on this in the summer for NYC*BUG. > There hasn't been anything in our community which provides the > high-level overview of the impact of AI, covering things from the impact > on the BSD operating systems to the impact on $job, etc. Hopefully this > thread can provide some raw materials, and become an outlet for > individual experiences and more general views. > > I initiated a similar fruitful (but private) discussion for another > open-source project, and think it's high-time for us to do the same on > a public list. > > *** > > There's a few layers to this discussions. Note these are discussions > points, not "Yes" or "No" surveys. > > * How are LLMs (big tech or otherwise) impacting $job now? Are you using > Claude Code or similar tools for day to day? Was it required or was it > your choice? Was there expectations from this tools in terms of > productivity, etc? This question raises the impact of AWS Bedrock/Kiro...
I have heard companies that talk about these tools as enabling 1000x developers. The wise ones still see LLM use as experimental, but enough people have produced production ready code in record times that every developer is expected to join the experiment. To go on a tangent about people becoming unnecessary... I don't think technical people will become unnecessary. As stated in other answers, coding agents need people to give them the feedback that what they are doing is what is required. Whether it is in Rust or a series of precise project specifications and test requirements, someone who understand the problems needs to be involved. As a 2016 cartoon put it, "Do you know what the industry term is for a project specification that is comprehensive and precise enough to generate a program? Code." [https://www.commitstrip.com/en/2016/08/25/a-very-comprehensive-and-precise-spec/?] So, to answer your question, the expectation is to use LLMs but also to still get things done. This is stressful, but similar to the stresses of how to be a SysAdmin to 10's of thousands of servers as opposed to 10's of servers. > * Should BSD projects have explicit LLM-focused policies? Look at the > 2nd point in the NetBSD "Commit Guidelines" at > https://www.netbsd.org/developers/commit-guidelines.html. OSS-Security > already discussed the issue with alleged CVEs discovered by people with > LLMs trying to stack their resume with credentials. I don't agree that code from LLMs is tainted, in the licensing sense of the word. I think it is completely public domain, but that is my opinion. What comes from an LLM is a generalization of all the different things that were inputed into the models. It is very rare that the input comes out unaltered and unprocessed. That is why I think it is something new. Now the legality and morality of how the LLMs were built is another matter. One I will opt to not discuss at this time. I do agree that each BSD should adjust their policies in so far that LLMs will change the volume and nature of code submitted to them. Existing policies will probably be challenged by these changes. The policies should get ahead of problems as much as they can. > * How should the BSD projects themselves be using LLMs? Integration in > the shell (oh, please no...)? Porting of APIs for big tech LLMs? > Utilizing LLMs to discover bad code, CVEs, undiscovered vulnerabilities? I think LLMs can offer hackers relatively inexpensive ways of fining novel bugs, zero-days, and chained vulnerabilities in any code base. BSD projects should do this work themselves and fix the problems as best they can. > * How should individual developers and users consider LLMs as tools for > contributing to the BSDs and other open-source projects? I happily used > a big tech LLM to deal with an rc file for some very Linuxey software > wrapped up in systemd clutter. LLMs are great at "talking to a code base". I think LLMs will make it possible for individual developers to hack on BSD and other open-source projects in novel ways. I don't think BSD projects or any developer should become 100% reliant on LLMs though. As others have stated, these models are dependent on large corporations that have nothing FREE about them. I would love to see local models that run on BSD on a PC get to the point that they can create the sense of coding in the same room as Guido can Rossum or Stephen Bourne. But I have not dived that deep into AI tooling to know how realistic that is. - r
