No LLM Code in Dependencies
Detection of LLM-Generated Code
- Some want tools to flag LLM-generated commits using heuristics: large blobs with extensive comments, unusual lines-of-code per hour, and commit styles trained on pre-LLM-era repos.
- Others argue “AI detection” is inherently unreliable, likening it to polygraphs, and warn about high false positives.
- A softer position: detection doesn’t need to be perfect—just good enough to surface “obvious” cases for human review.
- Simple heuristics like checking commit co-author tags are proposed as low-hanging fruit.
Practicality of No-LLM Dependencies
- One side sees refusing LLM-tainted dependencies as a principled but potentially impractical stance, especially when it blocks newer versions of critical tools and languages.
- Others consider it a reasonable defense against “AI slop,” even if it means more work, dependency freezing, or using fewer dependencies.
- There’s recognition that this may become untenable long-term and could force trade-offs between purity and access to language/tool improvements.
OSS Governance and Contribution Policies
- Suggestions include: not accepting external contributions at all, paywalling PRs to fund additional review, or moving to “AI-free” hosting.
- Some argue that open source can simply refuse LLM-generated patches while staying open; forking remains an option for disagreeing users.
- A recurring concern is maintainer burnout from low-quality AI PRs and the risk of volunteer projects “imploding” under review burdens.
- Several comments emphasize the qualitative difference between mentoring junior humans (who can grow into maintainers) and reviewing LLM output, which offers no long-term community benefit.
Quality of LLM Code vs Human Code
- One camp claims LLMs resemble mid-to-low-tier developers and can be useful if wielded responsibly; the problem is sloppy users, not the tool.
- Critics say LLMs are worse than typical devs, lack understanding, and produce subtle, large-scale messes at superhuman speed.
- There’s fear of a future saturated with opaque, churn-heavy “slopcode,” where comprehension and reliability degrade.
Security, Ethics, and Corporate vs OSS Attitudes
- Some advocate LLMs as essential for future-scale security auditing; others respond that analysis and code generation are distinct issues.
- Tension exists between being “forced” to use LLMs by the job market and the belief that this situation is nevertheless bad.
- Several comments highlight unresolved copyright/licensing questions around training data and code reuse.
- Contrast is drawn between idealistic, publicly scrutinized open source projects and corporations quietly using LLMs internally with less concern about provenance.