Hi all... Just starting a discussion about generative AI usage, feel like maybe we need to figure out a policy potentially, and have it actually written somewheres.
As we see more PRs that from new contributors that appears to be AI- assisted, or completely AI controlled. I think this might turn into a problem later on. AI is obviously an useful tool but it can also be maliciously used. Especially when there is a monetary reward involved (e.g. bug bounties). As far as Apache[1] is concerned, AI is allowed, provided that 1) the tool terms of use does not restrict the use of the generated content or otherwise be inconsistent with the "Open Source Definition" 2) No copyright material is produced by the AI. Ultimately through, Apache leaves it up for projects to decide how they want to handle the AI policy. Just if we allow AI, then we should ensure we don't break the few guidelines Apache does have in place. In order for us to confirm that the tool being used satisfies what Apache allows, perhaps we should require contributors to use a "Generated-By: <TOOL>" in the commit message, at the very least. "When providing contributions authored using generative AI tooling, a recommended practice is for contributors to indicate the tooling used to create the contribution. This should be included as a token in the source control commit message, for example including the phrase “Generated-by: ”. This allows for future release tooling to be considered that pulls this content into a machine parsable Tooling- Provenance file." If we suspect a PR is generated by AI, we can respectively ask the contributor to confirm. So my actionable proposals is to: 1) update our PULL_REQUEST templates to include a new checklist item: "Properly declared AI tool via Generated-by, if applicable" 2) Update the Contributor Guidelines[3] to include a section regarding the use of generative AI. [1] https://www.apache.org/legal/generative-tooling.html#include-in-contributions [2] https://opensource.org/osd/ [3] https://cordova.apache.org/contribute/contribute_guidelines.html --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
