by msiemens 1813 days ago
After seeing the demos my biggest question is: how will this not lead to people just accepting whatever GitHub Copilot suggests while introducing subtle yet catastrophic errors? Basically, how is this not going to become an alternative to just copy-pasting StackOverflow answers without verification? Especially given the IDE integration…

And to at least partially answer my own question, straight from the FAQ:

> Can GitHub Copilot introduce insecure code in its suggestions?

> There’s a lot of public code in the world with insecure coding patterns, bugs, or references to outdated APIs or idioms. When GitHub Copilot synthesizes code suggestions based on this data, it can also synthesize code that contains these undesirable patterns. This is something we care a lot about at GitHub, and in recent years we’ve provided tools such as Actions, Dependabot, and CodeQL to open source projects to help improve code quality. Similarly, as GitHub Copilot improves, we will work to exclude insecure or low-quality code from the training set. Of course, you should always use GitHub Copilot together with testing practices and security tools, as well as your own judgment.

Basically, they seem to hope that people will either be really careful about the suggested code or have existing code analysis workflows that would catch errors.

2 comments

Like any tool, you still need to understand the fundamentals to use it well. Anyone can use a table saw, but if you don't know what you're doing, it can be really easy to cut off a finger.
To be fair, even if you know everything about a table saw (or a band saw) you can still lose fingers.
And if you know everything about coding, you can still introduce security flaws. But you're less likely to.
To be fair, it is still easier to lose a finger when you don't know much about a table saw.
Seems like this would be really beneficial for careful coders with secure practices --- and catastrophic for many other types of coders.