DE version is available. Content is displayed in original English for accuracy.
Advertisement
Advertisement
⚡ Community Insights
Discussion Sentiment
58% Positive
Analyzed from 5842 words in the discussion.
Trending Topics
#code#more#contributions#human#don#policy#generated#project#quality#open

Discussion (143 Comments)Read Original on HackerNews
However, I don't think this will discourage AI-based coding at all. In fact, I see two potential outcomes of these policies:
- Negative: Submitters just add stylistic markers to make their accounts and output seem human-generated. This is like syntactic sugar: the core content and the size of contributions stay the same, but the style gets quirkier.
- Positive: Submitters actually provide to-the-point, no-bullshit commits and comments - "here's the code, here's why I made that change, here are the effects of that change". Even if AI-generated, these small contributions may become much easier to verify & validate. We may even see some standardization in terms of what qualifies as an appropriately sized contribution, what requires more thorough review (e.g., adding unverified dependencies), etc.
I personally wouldn't care if it was AI-generated or not, as long as the content fit the latter category.
From my experience reviewing, most contributors never read the policies, especially those making a "quick AI PR". I don't expect the new policy to change this much.
> Positive: Submitters actually provide to-the-point, no-bullshit commits and comments
That would be a dream.
True. At least with a policy about it, the project maintainers can unilaterally close such PRs without further internal or external discussion on any case-by-case basis.
Though the most important aspect is that we need to know the motivation and thought process, and all AI can do is fabricate a 'plausible' one.
The policy allows the reviewer to reject it on the "AI" grounds.
… but still unfortunately leaves reviewers having to spend time checking submissions and rejecting them.
I think this may be an example of deliberate hostile design, attempting to force users to adopt LLM based solutions to then summarise the vast output. Pushing back against AI contributions as such in this context makes sense, especially in software with an existing proven track record of great value delivery like Godot.
The problem is that a lot of AI contributions are lazily produced without review. Those that have been properly reviewed for correctness (tested to ensure actually working with no obvious undesirable side effects, tweaked where needed to be readable and understandable, fitting the other guidelines of the project, etc) will be indiscernible from human-only contributions, but there are a lot of people who make no such effort so the majority are not nearly this good.
1. 400 chars/10 lines per commit
1b. Not more than 3 commits in the initial pull request
2. 20 lines of explanation for pull request
3. not more than 3 pull request open at any one time
If commits written by AI wouldn't be substantially different, there would be no need to reject them.
So I agree with you that it won't discourage AI-based coding. But that's not even the intent.
Contributors can have good intention but verbosity and number of automatically submitted issues kills it.
Few days ago, I have found a small json-based bug in one of popular software. So I submitted an issue that was written by Claude. But it was so verbose that explanation was longer than the bug itself :) So I had to shorten the text manually.
Isn’t there a /skill for this?
So why the hate? :)
https://xkcd.com/810/
Personally I'm also experiencing a bit of AI hangover after using it a lot in my own open-source projects. I find it's a bit like taking drugs (not that I have much experience with that) in the sense that in the moment I'm using these tools I feel great and powerful, writing features in a span of hours that would've taken me weeks to write by hand. But inevitably some time later I will look at the code and notice all the subtle cracks and inconsistencies the tool introduced, and despair a bit at the mess.
I now plan to use these tools less for extensive feature development and more for planning, debugging and narrow refactoring where I can put very strict guardrails on them. I'd still say it accelerates my work but not by a factor of 10, more like 1.5-3 (which is still a lot) given the care you need to ensure what is being built is actually good. For what I really like these tools is that I need less mental focus to do coding, but on the other hand I have this new kind of fatigue of being in a constant chat loop with a machine and trying to get it to do stuff based on natural language, never knowing how it will interpret what I write and wrote before. In that sense, these tools don't feel satisfying, it's like operating a machine where you try to push some buttons to get it to do something but the internal wiring changes all the time so you never know exactly what a given button combination will do and you have to figure it out by watching the machine and constantly adapting.
No, we don't have to. We can just write code ourselves.
(My condolences to people who have jobs where AI is mandated.)
What AI unlocks is contributions from folks who are not at all involved in the project, and creating a PR is no longer enough to clear the gate of “this person is at least somewhat interested in the success of the project”.
AI is a force multiplier when wielded properly, but as an OSS maintainer, it’s easy to drown in prolific, low value “contributions” from folks who don’t care about the project.
Important to note that fast never meant much to open source and for good reason.
It was never a moat.
Moving fast and getting to the right destination is a huge moat. AI changes nothing here.
Our current generation of AI tools still seems to be very much not there when you really try and use it's output
There's a problematic dopamine dynamic as well where it's far too easy to reach for an AI when doing some work or starting a new project
I'm currently trying to dopamine hack my brain back to preferring to handwriting the majority of my code as opposed to reaching for claude
Time will tell if this is just a phase and it will get better or we'll need some sort of LLMs-anonymous
Very relatable. I wasted 2 weeks of full time effort earlier this year building a helper library with Sonnet. It was the first (and the last) time I vibe coded something. Once I was satisfied with it, I began using the library and within 2 days I was certain it was all for nothing. I will never get those 2 weeks back, but a lesson has been learnt.
https://codeberg.org/brib/slopfree-software-index
https://noai.starlightnet.work/list.html
I can't think of a functional reason for a no-AI policy: if it runs, it runs, regardless of who or what made it.
Also, even if you avoid AI-generated slop, you can't really avoid the human-generated or human+AI-generated slop that passes your filters.
Still, I can definitely think of good non-functional reasons: provenance, accountability, proof-of-work, encouraging people to write code themselves, empirically tracking how humans develop codebases, etc.
1. Accept quality contributions from someone who understands what they're doing
2. Cultivate a relationship with the contributor who might potentially become a core-team member. Maybe even the next maintainer
https://codeberg.org/brib/slopfree-software-index#why-care-a...
Not exactly an argument against using AI, is it? It's a bit like saying that GPS makes people worse at navigating by memory, which is true, but also not a strong argument for going back to paper maps. I feel the discourse is more about "stop using AI" and less about "how can we ensure our backup skills doesn't disappear".
And some projects like WINE or ReactOS probably have to worry about that even more given they need to guarantee clean-room reverse engineering...
There are probably some subtle bugs I can't explain in the code I wrote all by myself. I sure had a few "what was I possibly thinking when I wrote this" moments working on some old code - and that's only the bits I know about. And I sure had countless times people pointing out "hey, you got this stinky here" in a code review (which is the whole point of it). Attention lapses and brain farts sure happen. Slop can be more frequent with LLMs but it's certainly not a LLM-specific issue. They're very productive, there's a literal outbreak, and by the sheer volume shadow any The Daily WTF stories.
However, I can agree that LLM-generated code most likely has higher probability of slop. But then, a policy "a human contributor MUST fully know and understand all the contents of the submitted work, in fine detail, all the way down to every single line of contributed code and documentation" would probably address that in a more functional manner. And then the code can be from an LLM or monkeys with typewriters author had seen in his sleep. That stops to matter because author takes ownership and responsibility: "here's a recognized rational agent who swears by their work". Makes non-self-authored code require a lot more effort (unless it's a trivial change for obvious reason), but arguably even more robust than self-authored code.
That is, unless the PR authors tend lie about their knowledge - but that'll be a whole different story, where LLMs will be just a background detail.
(I'm not saying Godot should be done something different - their project, their rules, let's use that as an opportunity to watch how it goes. Just musing on the matter in general, if there's any rationally explainable merit in such policy.)
You could get a perfectly adequate instance of a PR that is easily readable and verifiable while generated by an LLM, but generally they're not.
A policy pushes the aggregate to at least what looks and communicates as a human made PR that is functionally easier to approve. Whether they are created by an LLM or not is then secondary, but it likely pushes all PRs to be better.
But I'd argue that some projects [1] could benefit from the speed (and sometimes, quality) of AI code generation without filtering by something that's difficult to identify (i.e., is it truly human-generated).
One way could be to constrain the size of each commit and PR, and invest more heavily into the review process (e.g., tests, static/dynamic analysis, sandbox deployments), so even if you get 100s of contributions, you can knock each out quickly.
Obviously, easier said than done. And at that point, you may as well use the AI to make the commits yourself, instead of relying on community contributions.
[1] Of course, this is only the case if the project's only purpose is to be a tool, and not also an educational reason for humans to learn how to code - in which case, it makes sense to invest more into identifying the "cheaters".
you can see it sort of like making a list of vegan restaurants. you might not see anything wrong with other restaurants (they might even have vegan dishes) but to some people it makes all the difference because they get to choose who they support
Imagine morals.
Alternatively, if you have some vague idea [1] about what you expect to see/have, and the running code satisfies that idea, then it also runs.
Obviously, there are plenty of non-functional specs (e.g., security, cleanness, readability) that a code should probably fulfill before one finds it acceptable, but these are also not somehow impossible for state-of-the-art models to satisfy.
[1] Vibe, if you prefer, tho I dislike the term. Another related term is eyeball estimation.
For many people that’s enough of a reason.
As for functional, you can see it all up and down this comment thread. People don’t check their work and leave these massive walls of text and codebases that someone else has to audit/cleanup. It’s exhausting. Too many people offload their work to AI and put zero effort into vetting the results, which punctually means they are just offloading the work downstream. So many maintainers are simply going “no I will not do your work for you,” which is a very functional decision.
To butcher a comment I read on HN that put it very succinctly months ago: everybody wants to let AI do their work for them, but nobody wants to be downstream of AI work. It’s a seriously problematic dynamic on many levels. And that dynamic will not change until the vast majority of people start reliably vetting the results, which I don’t think is going to happen because babysitting a black box and trying to force it to output something a specific way (or constantly copy editing middling work) is not something that most of us enjoy.
There are also plenty of valid personal reasons for refusing to generate code with AI - learning-by-doing and ownership of the result being the main ones, IMO.
> everybody wants to let AI do their work for them, but nobody wants to be downstream of AI work.
This is also true in my experience. But in my work, I found that I don't care how the code or comment was generated, as long as it doesn't try to overload my brain with irrelevant and obfuscated things, and as long as the person is not pretending that it's true, verified or their own creation (when it isn't).
That is to the point!
This is the core of the issue, not that someone uses AI, but that it’s just one of many smells a patch can have that indicates someone doesn’t understand what they’re submitting. You could be breaking variable naming conventions, changing APIs you shouldn’t, making amateur language mistakes, all indicate that yes, maybe the patch does work, but that there are other good reasons to reject it.
A way around this might be to mark a PR as rejected because of AI and then ask the author to point out some part of it they’re particularly proud of and explain in their own words, not a wall of AI text, what this does and why they like it. Just something where the author has to show that they have something an AI can’t, namely taste and an opinion.
(It’s famously not well capable of sounding human)
Irrespective of the quality of ai-contributions, that seems hard to argue with.
(unless you believe ai will make the whole concept of OS contributions / maintenance redundant. If that's your belief I don't think it makes much sense to submit PR's to Godot though, instead of just forking the engine and having your agents work on it)
I can fully understand the reasoning for it and I also think it's by and large a good idea because one of the cool things about open source projects is that they are traditionally good places for younger developers to get started or hop in and learn. There's a lot more to be learned from writing everything yourself and thinking through it.
there's a few elsewhere in the comments here but I'm not sure how comprehensive any are
These people are farming contributions to major FOSS projects as a form of CV-padding. The same is happening with vulnerability reports. The sloppers may genuinely think they're helping out, or they may know their 'contributions' are a net negative for the projects, in the end it doesn't matter much. When you're motivated by direct economical incentives and your situation is precarious enough (in today's labor market, it is), externalities are not high on your list of concerns.
Developers who have a nice job and career, and are making good money, might think of doing open source to “contribute to society” or something like that.
But new developers who are seeing those golden opportunities shut in front of their faces, they feel like they have to desperately fight for the last places on the lifeboat, so I don’t blame them for wanting to farm cv points and game the system of incompetent recruiters who make much more then they will do, instead of spending time and effort doing something nice for society hoping someone will notice (lol they will not, especially if you’re a nobody)
I do think I helped out.
And I have discovered this edge case when fiddling with my homelab which is my hobby.
I am with the maintainers on this one, I am not quite sure how they plan to filter out AI slop, but atleast all slop PRs should stop now, I am sad to not have the free time to contribute to the project or maybe just not enough energy.
In generally, I am just sad that this is where the public contributions and open source has come down to, couldn't we all have been more fun working together, what makes someone think they can vibe code their way to a meaningful PR and not even mention that it's a vibe PR.
Why does this PR appear to add any value, and if it does provide some insights into solving a problem, why do you expect it to be merged and reviewed?
The best defense of these drive by vibe PRs can be I found a bug, tried to fix it, seems to work, here's my code, someone who has more time could take a look and see if it has any insights.
Also only works on PRs that are specifically bug fixes or address some issue specifically. Not your omega 10K+ line feature commits...
Why do some people feel compelled to make these PRs? I am genuinely curious, I don't hate these people but do these folks think that this is adding some value?
On an unrelated note, I lost all respect and eagerness to try it out after the drama.
Also, what drama?
Google Godot drama 2024, for some top-notch community mismanagement classes.
You just can't expect someone who isn't willing enough to write one good PR to be willing to become a good maintainer.
is about quality not AI which is exactly my point.
But the blog post is written in future tense. I don't think they have a new contribution policy file yet
If someone thinks they're building better open source with their AI, let them fork; their AI can maintain downstream. If it's really better, people will join the fork. Good luck.
In all likelihood anyone attempting this will realize the value that a maintainer provides. On the odd chance they discover a new working model and produce better software, all the better, everyone wins.
I don't think the problem is the (AI generated) code per se, but as the article mentions, it's the human interaction. A reviewer can spend hours on reviewing the code and leaving feedback to the author, but if the author just feeds it into an AI (or worse, it's automatically fed into it) and processes it within seconds, only to start with a blank slate for a next change, what's the point of putting in all that effort?
Humans can learn and adapt, AIs can... ingest more stuff into their context, I suppose, but it's been proven that things break down if they have too much stuff in said context, and said context is limited.
(a) The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; [...]
https://developercertificate.org/
How about if AI generates code in a file, then I copy/paste bits... like stack overflow ?
1. In the case of AI generated code, the tool is the author.
2. Its far easier to enforce.
3. The alternative gate keeps against new contributors.
Allowing AI use by 'trusted contributors' has been suggested and discussed, but there were enough reasons against it and not enough established benefit.
Don't get me wrong, slop is slop, no matter if AI or entirely human-fabricated. But just like AI-assisted coding can actually be helpful, why can't AI-assisted PR reviews make it less tedious?
It's basically the same issue as spam in emails. It was bad before, and automation made it a zillion times worse.
People are never entitled to their contributions getting accepted to someone else's code base.
Do you think sociopaths willing to lie about how they came up with a contribution are really that common?
https://godotengine.org/article/contribution-policy-2026/
I predict this won't last long in any extreme version in any significant open source repo.
Banning AI-slop is one thing, but AI as a properly used co-programmer is becoming more and more capable and shutting out well-guided AI will enable competitors who don't to edge and then power ahead.
There are obviously problems to solve here, but blanket bans (while understandable in under-resourced maintenance environments) aren't anything more than a short-term buffer.
Yet all that is being produced is piggy-backing unchecked vibe-slop.
At some point you just call it failed.
On the other hand ... it is a bit strange though, because what if code contributions objectively improve something? I dislike AI slop spam, but from a purely objective point of view, I am not sure it should be forbidden based on it intrinsically making a change, which COULD be an improve. Now I am also aware of the AI slop spam worsening things; ton of documentation is useless, look at what matz produces with claude, this seems to be written purely by an alien, aka AI. I don't understand anything that this AI generates. But I think from an objective point of view, I'd actually lean more towards not completely disallowing AI slop contribution. The issue seems largely with:
a) the quality
b) the amount of text generated
Both these problems, in my opinion, could be solved. The time required by a real human to look at it, though, will always be a bottleneck, so perhaps the more honest answer would be that humans don't have enough time for contributions from skynet.
If the contribution is complex enough, it is no longer an 'objective improvement' but rather a judgement call, and in the process becomes copyrightable. This is where the trouble lies, and why this kind of AI involvement is banned.
If it is not, for example by being a one-line fix that literally cannot be performed differently, it's a different story. Then it can be merged, viewed either as a menial change (exempt by the ban) or by transfer of ownership (the reviewer becomes the effective author) because it is not copyrightable.
There, I solved FOSS sponsorship.
Puh-lease. Unity's "hara-kiri" was in 2023 by which time Godot was NINE years old. Hara-kiri or no hara-kiri Godot has shown longevity and relevance. Anything gained from Unity's own-goals is just cherry on top.
The idea that you can't trust code that was generated by heavy users of AI, because _they_ don't understand it enough to fix it, is false, because they can use AI to fix it.
In general, I have hard time understanding how one might even block other contributors from using ai.