Re: Looking for advice on how to deal with potential slop packages

[Sam James <sam@gentoo.org>]

[-- Attachment #1: Type: text/plain, Size: 2251 bytes --]

Michał Górny <mgorny@gentoo.org> writes:

> Hello, everyone.
>
> Seeing more and more packages embracing LLM-driven development (to the
> point of "vibe coding" or slopware), I'm looking for your ideas on how
> distributions should deal with that.  I'm basically torn between three
> things:
>
> 1. My duty towards the users to deliver up-to-date versions of software.
>
> 2. My duty towards the users to deliver *good* and *secure* software.
>
> 3. My ethical concerns, both directly related to LLM use, and to what
> people are using them for.

For those interested, we've started discussing it on the Gentoo side at
https://public-inbox.gentoo.org/gentoo-dev/fd8fea8a469a11e302dfd66dad76bbfa230198cf.camel@gentoo.org/
now too.

> [...]
>
> What are your experiences, thoughts and ideas how to deal with this?  I
> mean, staying on old software versions and hoping people will change
> their minds (or more precisely, LLMs will stop being subsidized and
> people will have to start paying serious money for their usage) is not
> exactly a good idea.  Going around and telling people "please switch
> from dependency X to Y because X is slop (and Y isn't yet)" doesn't
> sound like the best use of our time either.  And forking?  With the
> depressing state of FLOSS these days, I can't even find energy to
> maintain my own projects, let alone take anything else.
>

You know my position on this but saying it here for the benefit of the
list: I think some collaborative effort is needed just like we ask
people to port away from unmaintained dependencies or something that is
otherwise broken. chardet has an alternative AFAIK:
charset-normalizer. And we can lobby upstreams to not depend on new APIs
introduced only in "infected" versions.

Of course, that's still work, and I'm very tired of all of this already
too.

>
> [1] https://wiki.gentoo.org/wiki/Project:Council/AI_policy
> [2] https://github.com/crossbario/autobahn-python/issues/1716
> [3] https://github.com/crossbario/autobahn-python/issues/1735
> [4] https://github.com/crossbario/autobahn-python/issues/1782
> [5] https://github.com/crossbario/autobahn-python/discussions/1818
> [6] https://github.com/chardet/chardet/issues/327

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 418 bytes --]