[jmward01]

The core discussion wasn't about the PR it was about the hit piece that the bot created outside of the repo. The original post talked about bot submissions being a normal thing and how they have, I think, a very reasonable approach to them so the PR was just one of many and was unremarkable as well as valid in why it was denied. It was the 'at all costs get this into the code' approach the bot took that is the alarming turn here that really needs discussion. What about other tasks? 'Get me thing x please...' Turns in to blackmail and robbery without the person that kicked off the request knowing how far things have gone. The fact that the bot has this level of capability, to attack, but with a child's understanding, at best, and with no controls/repercussions is deeply alarming. If it decides to attack an individual it could do so and likely do deep real harm. Right now people are likely using these tools exactly for this purpose and we have very few well built defenses to handle this type of attack. The Naval War College had a seminar several years ago about the future of tech and war and I remember saying that the future of war will likely be at the individual level. Every sailor on a ship being electronically targeted just like this. Imagine the enemy sending e-mails and texts and posting to social media hit pieces with just enough information about you to make it believable and cause chaos. We have seen what the misinformation world can do over the past decade, this attack shows what is coming and it is incredibly scary.

[dyauspitr]

Yes I’m aware. The point I’m trying to make is that if the hit piece was about a legitimate PR it would have been harder to defend Scott’s dismissal of it on the grounds that it was a bot irrespective of how egregious it is that a bot put out a hit piece.

[3oil3]

I 100% agree with you, hell, I still don't understand why they didn't merge the thing, if it was beneficial. There is a distinction between noobies comimg up with worthless PR straight copy pasted from an LLM, and that of an unexpected initiative of a user using a sofisticate bot. That's what has been overlooked, it's not a PR from the 'AI', it's a PR from the person using that 'AI'. I don't get all that fear, what the AI going to do now that it filled its context window, besides go 'Actually wait, the user blablabla'

[jmward01]

Directly quoting Scott Shabaugh here:

“Well if the code was good, then why didn’t you just merge it?” This is explained in the linked github well, but I’ll readdress it once here. Beyond matplotlib’s general policy to require a human in the loop for new code contributions in the interest of reducing volunteer maintainer burden, this “good-first-issue” was specifically created and curated to give early programmers an easy way to onboard into the project and community. I discovered this particular performance enhancement and spent more time writing up the issue, describing the solution, and performing the benchmarking, than it would have taken to just implement the change myself. We do this to give contributors a chance to learn in a low-stakes scenario that nevertheless has real impact they can be proud of, where we can help shepherd them along the process. This educational and community-building effort is wasted on ephemeral AI agents.

https://theshamblog.com/an-ai-agent-published-a-hit-piece-on...

[3oil3]

Thanks for the quote. Rules are rules, that's enough of a justification.

[dyauspitr]

In this case because it was a “easy fix” intentionally left in place as an entry point for new contributors.

[jmward01]

Having read the original post and the GH comments about why the PR was denied I was really impressed by their policy. It shows a real effort to develop their community.