On Wed, Jun 3, 2026 at 7:36 AM Paolo Bonzini <[email protected]> wrote: > > On 6/2/26 17:53, Stefan Hajnoczi wrote: > >> Related to this, and already visible in the incredible uptick in > >> security reports, is the question of maintainer burnout and the shift in > >> effort from the author to the reviewer of the code. AI lowers the cost of > >> producing a patch but does nothing to lower the cost of understanding and > >> reviewing one; if anything it raises it, since a reviewer can no longer > >> assume that the submitter has reasoned through every line. The limits > > > > Can you rephrase this sentence? I'm afraid that taken out of context > > it looks like you're saying reviewers no longer need to understand the > ^^^^^^^^^ > > I guess you mean authors?
Yes. > > patches they are submitting. > > > > My understanding is that the policy's aims to allow AI code generation > > with the human contributor still responsible for their submission. > > Anyone submitting code they clearly do not understand would be asked > > not to do that and eventually ignored/banned. > > True, but somebody needs to find out first. :) This paragraph is just > an observation of the state of affairs with LLMs, even if they're not > allowed. > > > Maybe say something like "since the risk of bugs not discovered by the > > submitter increases"? > > That's a good replacement but it then leaves unanswered the question of > why that can happen more easily... > > The point is that it's much easier to submit code way beyond your > understanding, and not realizing that in good faith. I understand why > you don't like the original phrasing though. > > Maybe "despite requiring the submitter to understand the code they're > sending". That's fine too, thanks! > >> - **Current QEMU project policy is to DECLINE any contributions which are > >> - believed to include or derive from AI generated content. This includes > >> - ChatGPT, Claude, Copilot, Llama and similar tools.** > >> + Please read the below policy before using AI to contribute code or > >> + documentation to QEMU. This applies to ChatGPT, Claude, Copilot, > >> + Llama, and similar tools.** > > > > Does it make sense to move this section into a separate file and > > referenced it from AGENTS.md so that AI operating on the codebase is > > aware of the policy? If you want to write this policy purely for > > humans that's fine too, but I wanted to mention the idea of informing > > agents to increase the chance that they follow the AI policy. > > > > In other words: > > > > Agents must refuse tasks that are not in accordance with this policy. > > I think Alex was considering that, so I left it as a next step. Okay. Stefan
