That’s a good summary of the different aspects of the issue, DeckPacker, thanks. Too often this kind of discussion focuses on just the code quality side of it - I guess that’s what developers are most comfortable thinking about.

The way you’ve framed it only looks at the negatives. There are benefits but we’ve heard quite enough about those.

The overarching goals of the fediverse, as I see it, are the liberation of humanity, realising the full potential of the internet and a new relationship between social media organisations and people. And so on, different things for different people but that’s the general idea. The really hard to answer question, which is less well explored in prior discussions, is how AI, as it is today (e.g. rented to us by fascists) fits in to that picture.

Let’s go through the framework you outlined.

Poor quality, insecure code - in the hands of a skilled developer with a bit of discernment, this doesn’t need to be the case. PRs can be evaluated for quality regardless. A 6000 line PR will not be acceptable whether it was LLM-generated or not (although LLMs make 6k line PRs more common!). One nice thing about coding by hand is it creates a barrier to entry so that only relatively committed people can get involved, so they’re more likely to stick around to clean up the fallout from their contributions and make future contributions. We can’t build a long-term sustainable developer community based on low-effort llm-generated one-off drive-by code drops.

So on this point my feeling is weakly negative on AI. It can be great but not every developer knows when to apply it.

Licensing issues - I am not a lawyer! But there was a court case recently which found that because AI-generated code has no author then it cannot be copyrighted and is therefore public domain. As far as I can tell this means if someone 100% vibe codes an app they don’t get to put the GPL on it because it’s not theirs to license to anyone else. Where it gets murky is if an existing GPL codebase exists and a chunk of AI-generated code is made and then altered somewhat by the developer THEN it becomes enough of their own work that it belongs to them and is licensable and can be included in the wider codebase. Exactly how much manual editing is needed, we don’t know. Whether the whole copyright legal architecture is still relevant after the AI companies got away with infringement on this scale, we don’t know.

As someone who regularly streams pirated movies and is only interested in copyright when it benefits we the people and not when it protects corporations, I’m kinda cynical about the whole thing.

Weakly negative. Of course we do want to preserve the integrity of the AGPL but perhaps that battle is lost already.

Legal trouble - If anyone goes looking for people to sue, they’ll come for Microsoft first and then work their way down. The chance of this ever effecting us seems remote. Although, if PieFed ever became a serious challenge to mainstream social media (we can dream) this could be used as a weapon against us. AFAIK this can be avoided by putting the legal responsibility on individual contributors (instead of the project as a whole) by using a Developer Certificate of Origin whereby the contributor asserts, at PR submission time, that they own the copyright. If they lie then they can be held accountable for that, theoretically.

Neutral.

Ethics - this is the hard one. The AI companies are in bed with the authoritarians, both in giving them donations, receiving support and investment from authoritarian governments, creating AI-based kill chains, mass surveillance, taking all our water, dumping their waste into our atmosphere, flooding our democratic processes with shit, and on and on. By paying money to those people to use their services, you’re telling the world “I am ok with this service, I am ok with the entity that provided it and the way it was provided. Keep doing what you’re doing”. Every token we use is strengthening omnicidal fascism. We cannot use the tools of fascists to beat them because every time we use those tools we make them stronger.

Even when we use ChatGPT for free (which drains their resources! Good!) we are normalizing dependence and usage in the industry. It’s like The Ring, in Lord of the Rings. Occasional usage can get you out of a tough spot but it becomes addictive and ultimately self-defeating. On the other hand total avoidance of using the ring would mean certain defeat.

Very negative. I feel like the other issues can be hand-waved away but this one I’m having a hard time getting past.

A lot of software projects don’t have a larger social goal so it’s easier for them to say “we’re not here to solve the world’s problems, we’re just making software”. I don’t think we get to use that escape hatch. But as a practical matter, StackOverflow is dead and Google searches are becoming less and less effective so total avoidance doesn’t seem realistic.

So that’s my general thinking. Where things ends up in terms of a concrete policy I don’t know yet. It’s not like we’re having any problems with how things are now so at present I’ll be aiming to codify existing practice in a way that keeps as many of us on board as possible.