While this is a perfectly fine policy in the space of possible policies (it's probably what I'd pick, for what it's worth) the arguments being given for it leave a bad taste in my mouth.
Same. Plenty of perfectly valid reasons to outright ban generated PRs, but "Look, I asked ChatGPT to generate a PR which would break SDL, and it did not bother reading AGENTS.md" is a pretty weak take - gotta know thy enemy a little bit better than that.
It's not the argument the maintainer gives. I unironically suggest at least use AI to summarize that thread if you don't bother reading it before commenting.
Why are these projects still on Github? Isn't it better to move away from Github than go through all this shenanigans? This AI slopam nonsense isn't going to stop. Github is no longer the "social network" for software dev. It's just a vehicle to shove more and more Copilot stuff.
The userbase is also changing. There are vast numbers of new users on Github who have no desire to learn the architecture or culture of the project they are contributing to. They just spin up their favorite LLM and make a PR out of whatever slop comes out.
At this point why not move to something like Codeberg? It's based in Europe. It's run by a non-profit. Good chance it won't suffer from the same fate a greedy corporate owned platform would suffer?
> But anyway, if Codeberg really takes off it'll be flooded with AI bots as well. All popular sites will.
History might prove me wrong on this one, but I really believe that the platforms that are pushing people to use as much LLMs as possible for everything (Microsoft-GitHub) will surely be more flooded by AI bots than the platforms that are focusing on just hosting code instead (Codeberg).
> The main SDL maintainer is paid by a US for-profit company, Valve. They don't necessarily share your EU = automatically good attitude.
I'm not sure how one follows from the other. I am paid by a US for-profit company. But I still think EU has done some things better. People's beliefs are not determined by the company they work for. It would be a very sad world if people couldn't think outside the bubble of their employers.
At this point, projects are already on GitHub due to inertia, or they're chasing vanity-metrics together with all the other people on GitHub chasing vanity-metrics.
Since the advent of the "README-profiles" many started using with badges/metrics, it been painfully obvious how large this group of people are, where everything is about getting more stars, merging more PRs and having more visits to your website, rather than the code and project itself.
These same people put their project on GitHub because the "value" they want is quite literally "GitHub Stars" and try to find more followers. It's basically a platform they hope will help them get discovered via.
Besides Codeberg, hosting your own git server (via Forgejo or Gitea) is relatively easy and let you do so how private/public you want.
>Besides Codeberg, hosting your own git server (via Forgejo or Gitea) is relatively easy and let you do so how private/public you want.
As I've seen it, there's a lot of git=GitHub going on. It wasn't even clear to me for a while that you didn't even need a "git server" and could just use a filepath or ssh location for example.
On the one hand open source projects are going to be overrun with AI code that no one reviewed.
On the other hand, code produced with AI and reviewed by humans can be perfectly good, maintainable, and indistinguishable from regular old code.
So many processes are no longer sufficient to manage a world where thousands of lines of working code are easy to conjure out of thin air. Already strained open source review processes are definitely one.
I get wanting to blanket reject AI generated code, but the reality is that no one's going to be able to tell what's what in many cases. Something like a more thorough review process for onboarding trusted contributors, or some other method of cutting down on the volume of review, is probably going to be needed.
A policy like this has two points. One, to give good faith potential contributors a guideline on what the project expects. Two, to help reviewers have a clear policy they can point to to reject AI slop PRs, without feeling bad or getting into conflicts about minutiae of the code.
Good move, and a good reminder of how much of an echo chamber Hacker News is on AI matters.
In here, and big tech at large, it's touted like the unavoidable future that either you adapt or you die. LLMs are always a few months away from the (u|dys)topia of never having to write code ever again. Elsewhere, especially in fields where craft and artistry are valued (i.e. game development), AI is synonym of wanting to cut corners, poor quality, and to put it simply, slop. Sure, we're now inundated from people with a Claude subscription and a dream hoping to create the next Minecraft, but no one is taking them seriously. They're not making the game forum front pages, that's for sure.
Personally, I have made my existential worries a little better by pivoting away from big tech where the only metric is line of code committed per day, and moving towards those fields where human craftsmanship is still king.
The incentives are clearly that way. Otherwise, why would random people care if other developers fell hopelessly behind? It would only increase the high status of the AI experts.
Game development, and writing small tools in the game dev space. This week I've been working on an image editing app, mostly to play with dithering algorithms and palettes, using Odin and SDL.
I mean, it's either that or I quit software development completely; it would be a shame to throw away two decades of experience in the field.
"AI is synonym of wanting to cut corners, poor quality, and to put it simply, slop"
A craftsman knows how to use his tools. You can with AI produce very complete, polished, maintainable and tested, secure, performant high quality code.
It does take planning and lots of work on your part, but there is a high payoff.
So many people just dump a one paragraph brainfart into a prompt and then label the AI "slop".
Slop in , slop out. Play silly games, win stupid prizes. Don't blame your tools. Sometimes, you are 'holding it wrong'.
What’s the point? People will just fork it and improve it with AI anyway.
In another hand, it would be an interesting experiment to watch how the original and the fork diverge over time.
Especially in terms of security discoveries and feature development.
> Meanwhile I'll keep using SDL from the official maintainers which have been working on it for decades.
That's just Virtue signaling.
"AI-improved" projects like "rewrite $FOO in rust" are popping up everywhere. I dont support it, sqlite3 being rewritten in rust makes me just sad https://turso.tech/blog/introducing-limbo-a-complete-rewrite..., but this "$PROJECT bans AI" is just ridiculous. Ideally we should try to use it for the good, instead of ban it.
I think you don't understand how tiring it is to review full-llm code. I think banning it temporarily until people calm down with AI-generated PRs is a very sane solution. If it is still the solution in 3 years, maybe you would have a point then.
I only manage 3 'new' hires and I am of the mind of banning AI usage myself despite my heavy usage (the new hires don't level up, that's my main issue now, but the reviewing loops and the shit that got through our reviews are also issues).
Will they? Will someone have enough time, skill and dedication to maintain it? I don’t think using AI will by itself make a big enough difference, it’s still a lot of work to maintain a project
> I don’t think using AI will by itself make a big enough difference, it’s still a lot of work to maintain a project
I think you are wrong. The "a lot of work maintaining a project" would be reduced, specially issues investigation, code improvement, security issues detection and fixes. SDL isn't a that relevant project, but "ban AI-written commit" - which reading the issue, sounds more like ban "AI usage" - is counterproductive to project.
SDL is kinda the king of “I want graphic, but not enough to bring a whole toolkit, or suffer with opengl”. I have a small digital audio player (shangling m0) where the whole interface is built with SDL.
I'm pretty pro-AI, but I find it very amusing that every single time an open source project enacts no-AI policy, someone will chime in and explain how it will be outcompeted by the yes-AI version, while in reality it never happens.
tbh if the change works and the code is ok who cares what was used to build it? ChatGPT or C++ code generator. If the code looks crap - reject PR, why drama?
Because to decide if it's crap, you still have to read it.And because AI respect coding guidelines, you have to actually understand what the code does to detect crap. Also the sheer number is unmanageable.
This reasonably means AI contributions where a human has guided the AI are not subject to copyright, and thus can't be supported by a project's license.
At least a monkey is an unambiguous autonomous entity. A LLM is a - heck of a complicated - piece of software, and could very well be ruled a tool like any other
“Claude, please purchase a few USB steering wheel controllers from Amazon and make sure they work properly with our custom game engine. Those peripherals are a Wild West, we don’t want to get burned when we put this on Steam.”
>> ………I have purchased and tested the following USB steering wheels [blob of AI nonsense] and verified they all work perfectly, according to your genius design.
“Wow, that was fast! It would take a stoopid human 48 hours just to receive the shipment.”
[I would think Claude would recommend using SDL instead of running some janky homespun thing]
So AI generated code doesn't benefit from stable foundations maintained by third parties? Fascinating take I don't currently agree with. Whether it's AI or hand written, using solid pre-existing components and having as little custom code as possible is my personal approach to keep things maintainable.
This is probably the most insane take I've read all year. As though an LLMs don't have an increased chance to bork code when they have to write it multiple times for different platforms - even LLM users benefit from the existence of libraries that handle cross platform, low level implementation details and expose high level apis.
To show you your hyperbole: Allowing monkeys on typewriters.
LLMs are neither IDEs nor random.
I am very sceptical about iterative AI deployment too. People pretend the success threshold is vibing somethging that gets widely used, but its more than that. These one-shot solutions are not project maintenance. Answer yourself this one, could LLMs do what the linux kernel cummunity did over the same time span? This would be a good measure of success and if so, a strong argument to allow generated contributions.
> Given that the source of code generated by AI is unknown, we can't accept it under the Zlib license.
So what about SO code snippets? I'm not here to make a stance for AI, but this thread is leaning towards biased.
Address the elephant, LLM-assisted PR's have a chance of being lower quality. People are not obligated to review their code. Doing this manually, you are more inclined to review what you're submitting.
I don't get why these conversations always target their opinion, not the facts. I totally agree about the ethicality, the fact it's bound to get monopolized (unless GLM becomes SOTA soon), and is harming the environment. That's my opinion though, and shouldn't interfere with what others do. I don't scoff at people eating meat, let them be.
StackOverflow snippets are mostly licensed under CC BY-SA 3.0 or 4.0, so I'd wager that they are not allowed, either.
The SDL source code makes a few references to stackoverflow.com, but the only place I could find an exact copy was where the author explicitly licensed the code under a more permissive license: https://github.com/libsdl-org/SDL/blob/5bda0ccfb06ea56c1f15a...
Most SO snippets likely aren't unique or creative enough to count as works. If a hundred programmers would write essentially the same snippet to solve a problem, it's not copyrightable.
I don't think this can be used as a counter-argument.
Most SO contributions are dead-simple; often just being a link to the documentation or an extended example. I mean just have a look at it.
Finding a comparable SO entry that is similar to Google versus Oracle example, is in my opinion much much harder. I have been using SO in the last 10 years a lot for snippets, and most snippets are low quality. (Some are good though; SO still has use cases, even though it kind of aged out now.)
> Most SO snippets likely aren't unique or creative enough to count as works.
How is this different from LLM outputs? Literally trained on the output of N programmers so it can give you a snippet of code based on what it has seen.
The "humans do it, too" or "humans have always done it" arguments break down very quickly.
Not only by comparing the scale of infringement, but because direct Stackoverflow snippets are very rare. For example, C++ snippets are 95% code cleverness monstrosities and you can only learn a principle but not use the code directly.
I'd say that Stackoverflow snippets in well maintained open source projects are practically zero. I've never seen any PR that is accepted that would even trigger that suspicion.
Most SO snippets that you might actually copy-paste aren’t copyrightable: it is a small snippet of fairly generic code intended to illustrate a general idea. You can’t claim copyright on a specific regex, and that is precisely the kind of thing I might steal from an SO answer. As a matter of good dev citizenship you should give credit to the SO user (e.g. a link in a comment) but it’s almost never a copyright issue. The more salient copyright issue for SO users is the prose explaining the code.
The userbase is also changing. There are vast numbers of new users on Github who have no desire to learn the architecture or culture of the project they are contributing to. They just spin up their favorite LLM and make a PR out of whatever slop comes out.
At this point why not move to something like Codeberg? It's based in Europe. It's run by a non-profit. Good chance it won't suffer from the same fate a greedy corporate owned platform would suffer?
The main SDL maintainer is paid by a US for-profit company, Valve. They don't necessarily share your EU = automatically good attitude.
But anyway, if Codeberg really takes off it'll be flooded with AI bots as well. All popular sites will.
History might prove me wrong on this one, but I really believe that the platforms that are pushing people to use as much LLMs as possible for everything (Microsoft-GitHub) will surely be more flooded by AI bots than the platforms that are focusing on just hosting code instead (Codeberg).
I'm not sure how one follows from the other. I am paid by a US for-profit company. But I still think EU has done some things better. People's beliefs are not determined by the company they work for. It would be a very sad world if people couldn't think outside the bubble of their employers.
The Eternal September eventually comes for us all.
At this point, projects are already on GitHub due to inertia, or they're chasing vanity-metrics together with all the other people on GitHub chasing vanity-metrics.
Since the advent of the "README-profiles" many started using with badges/metrics, it been painfully obvious how large this group of people are, where everything is about getting more stars, merging more PRs and having more visits to your website, rather than the code and project itself.
These same people put their project on GitHub because the "value" they want is quite literally "GitHub Stars" and try to find more followers. It's basically a platform they hope will help them get discovered via.
Besides Codeberg, hosting your own git server (via Forgejo or Gitea) is relatively easy and let you do so how private/public you want.
As I've seen it, there's a lot of git=GitHub going on. It wasn't even clear to me for a while that you didn't even need a "git server" and could just use a filepath or ssh location for example.
On the other hand, code produced with AI and reviewed by humans can be perfectly good, maintainable, and indistinguishable from regular old code.
So many processes are no longer sufficient to manage a world where thousands of lines of working code are easy to conjure out of thin air. Already strained open source review processes are definitely one.
I get wanting to blanket reject AI generated code, but the reality is that no one's going to be able to tell what's what in many cases. Something like a more thorough review process for onboarding trusted contributors, or some other method of cutting down on the volume of review, is probably going to be needed.
That depends on the 'regular old code' but most stuff I have seen doesn't come close to 'maintainable'. The amount of cruft is proper.
I have yet to see a single example of this. The way you make AI generated code good and maintainable is by rewriting it yourself.
Obligatory xkcd:
https://xkcd.com/810/
In here, and big tech at large, it's touted like the unavoidable future that either you adapt or you die. LLMs are always a few months away from the (u|dys)topia of never having to write code ever again. Elsewhere, especially in fields where craft and artistry are valued (i.e. game development), AI is synonym of wanting to cut corners, poor quality, and to put it simply, slop. Sure, we're now inundated from people with a Claude subscription and a dream hoping to create the next Minecraft, but no one is taking them seriously. They're not making the game forum front pages, that's for sure.
Personally, I have made my existential worries a little better by pivoting away from big tech where the only metric is line of code committed per day, and moving towards those fields where human craftsmanship is still king.
I mean, it's either that or I quit software development completely; it would be a shame to throw away two decades of experience in the field.
A craftsman knows how to use his tools. You can with AI produce very complete, polished, maintainable and tested, secure, performant high quality code.
It does take planning and lots of work on your part, but there is a high payoff.
So many people just dump a one paragraph brainfart into a prompt and then label the AI "slop".
Slop in , slop out. Play silly games, win stupid prizes. Don't blame your tools. Sometimes, you are 'holding it wrong'.
Meanwhile I'll keep using SDL from the official maintainers which have been working on it for decades.
That's just Virtue signaling.
"AI-improved" projects like "rewrite $FOO in rust" are popping up everywhere. I dont support it, sqlite3 being rewritten in rust makes me just sad https://turso.tech/blog/introducing-limbo-a-complete-rewrite..., but this "$PROJECT bans AI" is just ridiculous. Ideally we should try to use it for the good, instead of ban it.
why so? If they don't feel like reviewing code (or ensure copyright compliance) they are free to reject that.
If you feel strong about it, go fork and maintain it on your own.
I only manage 3 'new' hires and I am of the mind of banning AI usage myself despite my heavy usage (the new hires don't level up, that's my main issue now, but the reviewing loops and the shit that got through our reviews are also issues).
I think you are wrong. The "a lot of work maintaining a project" would be reduced, specially issues investigation, code improvement, security issues detection and fixes. SDL isn't a that relevant project, but "ban AI-written commit" - which reading the issue, sounds more like ban "AI usage" - is counterproductive to project.
SDL is kinda the king of “I want graphic, but not enough to bring a whole toolkit, or suffer with opengl”. I have a small digital audio player (shangling m0) where the whole interface is built with SDL.
it never happens in 3 weeks? The AI revolution is just starting.. too soon to jump in conclusions, i guess?
No. My impression is that most AI PRs aren't made to improve anything, but to inflate the requester's reputation as an "AI" expert.
> and feature development
There's also this misconception that more features == better...
This reasonably means AI contributions where a human has guided the AI are not subject to copyright, and thus can't be supported by a project's license.
At least a monkey is an unambiguous autonomous entity. A LLM is a - heck of a complicated - piece of software, and could very well be ruled a tool like any other
The legal question was "did a human author the work"?
>> ………I have purchased and tested the following USB steering wheels [blob of AI nonsense] and verified they all work perfectly, according to your genius design.
“Wow, that was fast! It would take a stoopid human 48 hours just to receive the shipment.”
[I would think Claude would recommend using SDL instead of running some janky homespun thing]
Why not just specify all contributions must be written with a steady hand and a strong magnet.
To show you your hyperbole: Allowing monkeys on typewriters.
LLMs are neither IDEs nor random.
I am very sceptical about iterative AI deployment too. People pretend the success threshold is vibing somethging that gets widely used, but its more than that. These one-shot solutions are not project maintenance. Answer yourself this one, could LLMs do what the linux kernel cummunity did over the same time span? This would be a good measure of success and if so, a strong argument to allow generated contributions.
They simply don't want people like you and lose nothing.
So what about SO code snippets? I'm not here to make a stance for AI, but this thread is leaning towards biased.
Address the elephant, LLM-assisted PR's have a chance of being lower quality. People are not obligated to review their code. Doing this manually, you are more inclined to review what you're submitting.
I don't get why these conversations always target their opinion, not the facts. I totally agree about the ethicality, the fact it's bound to get monopolized (unless GLM becomes SOTA soon), and is harming the environment. That's my opinion though, and shouldn't interfere with what others do. I don't scoff at people eating meat, let them be.
The issue is real, the solution is not.
StackOverflow snippets are mostly licensed under CC BY-SA 3.0 or 4.0, so I'd wager that they are not allowed, either.
The SDL source code makes a few references to stackoverflow.com, but the only place I could find an exact copy was where the author explicitly licensed the code under a more permissive license: https://github.com/libsdl-org/SDL/blob/5bda0ccfb06ea56c1f15a...
Most SO contributions are dead-simple; often just being a link to the documentation or an extended example. I mean just have a look at it.
Finding a comparable SO entry that is similar to Google versus Oracle example, is in my opinion much much harder. I have been using SO in the last 10 years a lot for snippets, and most snippets are low quality. (Some are good though; SO still has use cases, even though it kind of aged out now.)
How is this different from LLM outputs? Literally trained on the output of N programmers so it can give you a snippet of code based on what it has seen.
Not only by comparing the scale of infringement, but because direct Stackoverflow snippets are very rare. For example, C++ snippets are 95% code cleverness monstrosities and you can only learn a principle but not use the code directly.
I'd say that Stackoverflow snippets in well maintained open source projects are practically zero. I've never seen any PR that is accepted that would even trigger that suspicion.
Why not let the animals be?