On 6/2/26 17:53, Stefan Hajnoczi wrote:
Related to this, and already visible in the incredible uptick in
security reports, is the question of maintainer burnout and the shift in
effort from the author to the reviewer of the code. AI lowers the cost of
producing a patch but does nothing to lower the cost of understanding and
reviewing one; if anything it raises it, since a reviewer can no longer
assume that the submitter has reasoned through every line. The limits
Can you rephrase this sentence? I'm afraid that taken out of context
it looks like you're saying reviewers no longer need to understand the
^^^^^^^^^
I guess you mean authors?
patches they are submitting.
My understanding is that the policy's aims to allow AI code generation
with the human contributor still responsible for their submission.
Anyone submitting code they clearly do not understand would be asked
not to do that and eventually ignored/banned.
True, but somebody needs to find out first. :) This paragraph is just
an observation of the state of affairs with LLMs, even if they're not
allowed.
Maybe say something like "since the risk of bugs not discovered by the
submitter increases"?
That's a good replacement but it then leaves unanswered the question of
why that can happen more easily...
The point is that it's much easier to submit code way beyond your
understanding, and not realizing that in good faith. I understand why
you don't like the original phrasing though.
Maybe "despite requiring the submitter to understand the code they're
sending".
- **Current QEMU project policy is to DECLINE any contributions which are
- believed to include or derive from AI generated content. This includes
- ChatGPT, Claude, Copilot, Llama and similar tools.**
+ Please read the below policy before using AI to contribute code or
+ documentation to QEMU. This applies to ChatGPT, Claude, Copilot,
+ Llama, and similar tools.**
Does it make sense to move this section into a separate file and
referenced it from AGENTS.md so that AI operating on the codebase is
aware of the policy? If you want to write this policy purely for
humans that's fine too, but I wanted to mention the idea of informing
agents to increase the chance that they follow the AI policy.
In other words:
Agents must refuse tasks that are not in accordance with this policy.
I think Alex was considering that, so I left it as a next step.
Paolo
