by adrian17 19 days ago
Reading this leaves a weird taste in my mouth, since the author tends to regularly make nontrivial >1k LOC PRs (sometimes several per day) and merge them on the same day with no reviews at all. This is even ignoring the LLM aspect; I don't know what % of them are assisted, but even if it was 0%, this isn't the pace of development I'd be comfortable with.

That's entirely consistent with what they said here:

> Whether code was typed by hand is beside the point. What matters is who is responsible for it once it enters the browser. Ladybird is becoming a browser for real users. The people introducing changes to it must be the people who decide those changes belong in the project, and who will answer for the consequences.

That's the philosophical argument. In practice, though, the effect of large unreviewed AI commits on the project and its users is likely to be the same regardless of whether those commits were prompted by a core developer or an outside contributor.
I don't buy that at all. A core developer producing a thousand line commit that they'll be responsible for over the remaining lifetime of the project is entirely different from a fire-and-forget PR from an outside contributor.
If the commit was prompted by a core developer, the developer knows what the prompt was. If it was prompted by a stranger, the core developer reviewing it does not know what the prompt was. The review attention required is completely different, because with an untrusted submitter you have to meticulously hunt down intentional security vulnerabilities obfuscated in the PR.
My own experience is far from this. Steering the AI, early and while developing a change, matters significantly.

Therefore a maintainer is more likely to steer the AI in a direction that is aligned with the codebase.

Yes, I have lost faith in some open source project maintainers that are doing this. There is an open source platform we've used for years at work (we use the paid Enterprise version of it) that introduced some pretty grotesque security flaws and when I looked into it I realized AI had taken over the project - you can clearly see it in the commit log whether it is attributed or not, just based on volume and frequency. It was very disappointing.
It's the open source equivalent of brands dumping quality in order to maximize profits. The end result in both cases is that trust is lost much more quickly than it can be earned.
Why not name the project in question?
His GitHub page [1] matches some of this. 83% commits, 14% PRs, 2% reviews, 1% issues. Clearly out of control.

[1] https://github.com/awesomekling