Hello Guix, Let's continue the discussion over https://codeberg.org/guix/guix/issues/6087 here. For context (there are also comments not quoted in this message, please also visit the issue),
On 2026-02-03 at 00:29Z, Nguyễn Gia Phong wrote: > Some upstreams recently started to use LLM in development, > e.g. rsyslog [0]. Personally I expand "LLM" > to "license laundering machine", so we will need to stop > upgrading it [1] up until a certain version, > but others may disagree, hence this discussion. [0]: https://www.rsyslog.com/doc/about/ai_first.html [1]: https://codeberg.org/guix/guix/pulls/6056 On 2026-02-04 at 22:42Z, Hugo Buddelmeijer wrote: > LLM use is indeed an extremely broad topic, > so maybe this discussion should be split up in smaller parts. Before I respond to the more other comments, I want to emphasize about the scope of this discussion. This is about software freedom, not other criticisms towards LLMs such as code quality, climate impact, oligopoly, market manipulation, or digital ~nationalism~ sovereignty. I also assume we share the following axiomata. 1. No existing LLM limits its training data to works belong to the public domain. 2. LLMs may leak their training data, outputing verbatim copies of their training materials. 3. From around 15 lines of code/text is eligible for copyright [2]. 4. We do not take upstreams' copyright claims for granted. [2]: https://www.gnu.org/prep/maintain/html_node/Legally-Significant.html On 2026-02-04 at 09:06Z, Florian Pelz wrote: > Do we disagree on whether taking snippets from others is acceptable? I think being able to reuse snippets is one of the goals of the free software movement (FSM), with the condition that the original license is respected. Relicensing works whose copyright one does not hold is not only illegal but can also take away users freedom when - Attribution is removed, users would not be able to locate the original's parent work to exercise their software freedom, or - Copyleft is removed, the derivitive's parent work is intended to be part of a ~open-core~ proprietary project. On 2026-02-04 at 09:06Z, Florian Pelz wrote: > if they keep up the rsyslog way of working, [commit 262b22d82a], > likely they will never be shoplifting significant portions of code. [commit 262b22d82a]: https://github.com/rsyslog/rsyslog/commit/262b22d82a40811ee14ed2cc3ff930d8eb45c9d4 This commit include multiple hunks exceeding 15 LoC. If they were (modifications of) LLMs' output, this will be license laundery (see axiomata 1, 2, and 3). On 2026-02-04 at 09:06Z, Florian Pelz wrote: > We should not shun them just because maybe. There are different kinds of maybes. Baseless suspicion is one thing, rsyslog openly admitting to use LLMs' output is clearly another. The uncertainty here is about which snippets must be rewritten to revert the copyright violations, not if they did something wrong. On 2026-02-03 at 09:37Z, Yelninei wrote: > While I am not a fan of LLMs personally > how do you plan to enforce such a thing generally? [...] > When looking at the code I do not know which parts > have been generated by an LLM and which ones are not, > same if they just copied code from somewhere else > without following the license of the other project. On 2026-02-04 at 09:06Z, Florian Pelz wrote: > Software contributors without LLM are not all saints either; > we could ban the world. On 2026-02-04 at 12:16Z, Sharlatan Hellseher wrote: > if we follow the way, "no LLM generated code is allowed" > we, as maintainers, have to check each of the included > (30000) packages in the current collection to cover that claim. On 2026-02-05 at 18:31Z, Wilko Meyer wrote: > Unless upstream states that LLMs have been used, there's no way > in knowing for sure if we're dealing with human-made > or LLM-generated slop, or if there's reason to doubt the authorship > of a piece of software (e.g. that the claimed author > even wrote all parts themselves). I suggest we take the reactive approach: if a package become known to us to be bad (violating copyright, containing backdoor, failing to build) then we either make it good or remove it. Even if it makes zero difference in practice, contributors and users (myself included) would like to know if Guix welcome and redistribute license-laundered works. On 2026-02-03 at 09:37Z, Yelninei wrote: > The authors claim that the source is distributed under LGPL/GPL/Apache > which is compatible with any definition of free software. [...] > By continuing to publish source code under that license > I as a user can only assume that they have the right to do that > which then allows Guix to redistribute it under these terms. On 2026-02-04 at 18:31Z, Wilko Meyer wrote: > The only criteria we realistically do have, to evaluate > whether a piece of software can be included in guix, > is whether or not it's licensed as free software. I would like to phrase this as "whether it can be freely licensed as declared". A project claiming to be under Apache with snippets from others under GPL or Expat without disclosing the fact (axiom 4) can still be free software, even though the FSM should refrain from promoting it. Likewise for the effect of usages of LLMs trained solely on free software (if we believe who try to sell them). Actions speak louder than words. If we have evidence of someone taking the Nvidia's source leak and saying it's under a GPL, we should not close our eyes to package it and defer all liability to that upstream. Copyleft, and by extension, the FSM which includes GNU Guix, is about playing the fair game. FWIW I do like warez groups, I just don't think this is the right place to have their attitude. On 2026-02-04 at 22:42Z, Hugo Buddelmeijer wrote: > But FYI, I have had several LLM-chats among the lines > of "This is a Guix package definition I wrote, but doesn't work, > can you figure out why?" Or inquires how to do things in guile. > [...] And some of the resulting code probably made it > into Guix itself already, [...] the cat is out of the bag. > We need discussions like this (on all levels of society) > to make the transition smooth, but the world is not going back. > And that transition could be a good thing, if we guide it well. TBH I wished you communicated this earlier, because what happened here is sort of like while helping a keeping-cats-in-bags cause, you let one out, which is okay BTW, that's why we are here, just not a reason to stop the effort altogether. The free software movement exists precisely to turn back the transition to a world of proprietary software. The whole point is to not compromise just because that's where the world is going. On 2026-02-05 at 04:09Z, Ian Eure wrote: > On 2026-02-04 at 22:42Z, Hugo Buddelmeijer wrote: > > Because I consider it rude to ask on IRC before asking the toaster. > > Based on my conversations and observations in #guix, most folks there > would prefer asking in the channel than using LLMs. I don't think I've ever be in any project's chat room calling contributors rude for asking how to do things, including trivial stuff. However, probably due to TZ differences, the majority of my interactions in #guix are ignored. I don't have any solution for this as I know we are lacking human power, just wanna share my empathy. So blong, Phong
signature.asc
Description: PGP signature
