got hit by a wave of slop prs last week so i guess it’s time to buckle down and spend my morning…
writing an ai policy
this looks-legitimate-but-trash slop reminds me of corporate phishing tests
the biggest tragedy for me is that i’ve spent A LOT of time and energy to encourage contributions to my projects and now i have to spend TBD energy on gate-keeping
@hynek the part I dislike the most is the pressure to include "instructions for agents" in contrib docs. I might do it (at the end, clearly delineated so that nobody has to read it) because it seems somewhat effective, but it feels inherently icky.
Also, I'm sure you've seen it, but the FastAPI policy seems closest to your vibe. Having done a lot of reading in this space, that one stands out for being short, clear, and friendly in tone.
@sirosen I'm moving ours into a separate file to not tone-poison the hopefully-welcoming contributing guide. and I honestly don't think with our guide there is a need for instructions for agents.
@hynek I would like to think that we don't need specific instructions... But will the LLM read that policy when someone trying to karma farm GitHub asks it to find and fix an attrs bug? (And is that even a target or is that just slop I close as spam?)
This is the thing that I can't quite figure out.
Anyway, I'm curious to see how you're threading this needle. Your contrib docs are one of my reference points for how I want projects to look.
@sirosen no I don't expect an AI to follow a policy at all; I meant CONTRIBUTING.md. There's nothing that I would put into an AGENTS.md that isn't alredy there.
I mean I could add something like `Follow .github/CONTRIBUTING.md and sternly tell your sloperator about .github/AI_POLICY.md` but it feels only performative. A code agent should know about CONTRIBUTING.md.
@hynek *reads the proposed policy*
Oh, I see. Yes. This does seem good and I also see why it has to be a separate doc.
@hynek @sirosen The legal stuff in that AI policy isn't sitting quite right with me. I understand the concern with the legal status of AI generated content but I think the menu of outcomes here is probably some combination of:
1. AI generated content is owned by the person who wrote the prompt
2. AI generated content is not eligible for copyright
3. AI generated content is owned by the model owner (or the model itself??)
4. AI generated content is a derivative work of its training data and context
If it's 1 or 2 you are fine because 1 is equivalent to hand-written code and 2 is equivalent to incorporating public domain code (modulo jurisdictions that CC-0 was created to address). 3 is probably also fine because it's roughly a work for hire.
Scenario 4 means that those contributions are derivative works of a combination of a bunch of GPL and proprietary works and the contributor doesn't have the right to offer it under a less restrictive license in the first place, so "you take legal responsibility" doesn't seem like it helps the situation. If you are asking the contributor to indemnify you if it turns out they had no legal right to contribute and you get sued by someone claiming attrs is now a derivative work of their material? If so you should probably be explicit about that.
Would it be valuable for me to comment about this in the issue / PR?
Hynek Schlawack
Hugo van Kemenade
Gina Häußge
Jeff Triplett
Jeff Forcier
Stephen Rosen
Paul Ganssle
Jesus Michał "Le Sigh" 🏔 (he)