s/Django/the codebase/g, and the point stands against any repo for which there is code review by humans:
> If you do not understand the ticket, if you do not understand the solution, or if you do not understand the feedback on your PR, then your use of LLM is hurting Django as a whole.
> Django contributors want to help others, they want to cultivate community, and they want to help you become a regular contributor. Before LLMs, this was easier to sense because you were limited to communicating what you understood. With LLMs, it’s much easier to communicate a sense of understanding to the reviewer, but the reviewer doesn’t know if you actually understood it.
> In this way, an LLM is a facade of yourself. It helps you project understanding, contemplation, and growth, but it removes the transparency and vulnerability of being a human.
> For a reviewer, it’s demoralizing to communicate with a facade of a human.
> This is because contributing to open source, especially Django, is a communal endeavor. Removing your humanity from that experience makes that endeavor more difficult. If you use an LLM to contribute to Django, it needs to be as a complementary tool, not as your vehicle.
I am going to try to make these points to my team, because I am seeing a huge influx of AI-generated PRs where the submitter interacts with CodeRabbit etc. by having Claude/Codex respond to feedback on their behalf.
There is little doubt that if we as an industry fail to establish and defend a healthy culture for this sort of thing, it's going to lead to a whole lot of rot and demoralization.
AI autocomplete and suggestions built-in to Jira are making our ticket tracker so goddamn spammy that I’m 100% sure that “feature” has done more harm than good.
I don’t think anybody’s tracking the actual net-effects of any of this crap on productivity, just the “vibes” they get in the moment, using it. “I got my part of this particular thing done so fast!”
I believe that to be the case, in part, because not a lot of organizations are usefully tracking overall productivity to begin with. Too hard, too expensive. They might “track” it, but so poorly it’s basically meaningless. I don’t think they’ve turned that around on a dime just to see if the c-suite’s latest fad is good or bad (they never want a real answer to that kind of question anyway)
> just the “vibes” they get in the moment, using it. “I got my part of this particular thing done so fast!”
In the pre-AI era it was much easier to identify people in the workplace who weren't paying attention to their work. To write something about a project you had to at minimum invest some time into understanding it, then think about it, then write something on the ticket, e-mail, or codebase.
AI made it easy to bypass all of that and produce words or code that look plausible enough. Copy and paste into ChatGPT, copy and past the blob of text back out, click send, and now it's somebody else's problem to decipher it.
It gets really bad when the next person starts copying it into their ChatGPT so they can copy and past a response back.
There are entire groups of people just sending LLM slop back and forth and hoping that the project can be moved to someone else before the consequences catch up.
Ironically my favorite use of claude is removing caring about jira from my workflow. I already didn't care about it but now i dont have to spend any time on it.
I treat jira like product owners treat the code. Which is infinitely humorous to me.
Horrible degrading take. Be the change you want to see. Don't fuel the fire that's burning you.
If something's not happening, something else's making it impractical. Saying this as a 10+ years product manager and R&D person with 20+ more years of engineering on top.
I also had to deal with "managers are just complicating things" or "users are stupid and don't understand anything"; do you think I complained? No, I had engineers barter trust of their ingenuity with trust of my wisdom, and brought them to customer calls and presented them to users almost like royalty, which made them incredibly respectful as soon as they saw what kind of crap users had to deal with.
The industry is broken now, this is just a response to that. Leadership and product don't have any respect for the code, why would engineers have any respect for the ticketing process.
Thats an unreasonable asymmetric effort demand, "Your code does not matter but my precious tickets must have elbow grease put into them."
The industry is broken. It's broken in the same sense the railroad industry is broken. It has reached the point of abundance, where we're doing things that don't need doing. That won't get done in an efficient market. But since we're not in an efficient market, there are globs of capital thrown at people building stuff that.. doesn't stand a chance of actually making any return on capital.
But while it lasts, us, the glorified machine-minders (just like railroad engineers, well, minded the engines), get paid large lumps of money, through large hordes of managers, arguing on minutia of conversion optimization, and fundamentally, being paid enough to not to try and do something else, perhaps competitive.
And that is broken. Especially for the "smarter of us" - the graduation ceremony of my physics department rings true - we've trained you to discover the secrets of universe and reach the stars, and most of us will use it.. to gain an edge at Lehman Brothers.
(And I think the root of this problem, is the abundance of low-risk capital, from people who expect a small return and a pension that lasts for decades in retirement)
Teach me your ways. I’ve long wished for an actual, human secretary to handle that for me. The context-switching and digging around in a painful, slow interface (I don’t just mean Jira, 100% of the ones project managers find acceptable seem to have this quality) is such a productivity killer, and it’s so easy to miss important things in all the noise.
The principle here extends far past Django. The mistake I see repeatedly in agent architectures is the same one over and over, people route decisions through the model that have no business being there. Not "should I query the database" but internal stuff: branching logic, state transitions, constraint enforcement. Things where the answer isn't ambiguous and a deterministic function would be faster, cheaper, and (most importantly) auditable.
The LLM is genuinely better at certain things: interpreting messy input, generating novel responses, reasoning about edge cases. It's not better at "if account is locked, deny access." Burning tokens on that kind of decision is exactly the same category of mistake as using an LLM to write your Django queries.
The hard part is that agent frameworks don't enforce the separation. Nothing stops you from putting decision logic in a prompt because that's the path of least resistance. But you end up with systems where you can't explain why a decision was made, you can't test it without running inference, and you end burning tokens/money that didn't need to be burned to get subpar results you could have gotten deterministicly for free.
In the old days, you could assume that a Par was being offered in good faith by someone who was really fixing a problem. You might disagree with the proposed solution and reject the PR as written, but you assumed good faith. AI has flipped that on its head. Now, everyone assumes they are interacting with an AI (or at least a human using one to generate all the content) and that the human has little to no understanding of what they are proposing. Ultimately, the broad use of AI erodes trust. And that’s a shame.
> I am going to try to make these points to my team, because I am seeing a huge influx of AI-generated PRs where the submitter interacts with CodeRabbit etc. by having Claude/Codex respond to feedback on their behalf.
Are people generally unhappy with the outcomes of this? As anecdotally, it does seem to pass review later on. Code is getting through this way.
It's slippery. You're swamped with low-effort PRs, can't possibly test and review all of them. You will become a visible bottleneck, and guess whether it's easier to defend quality vs. "blocking a lot of features" which "seem to work". If you're tied by your salary as a reviewer, you will have to let go, and at the same time you'll suffer the consequences of the "lack of oversight" when things go south.
The best people I've worked with tended to go out of their way to make it as easy for me as possible to critique their ideas or implementations.
They spelled out exactly their assumptions, the gaps in their knowledge, what they have struggled with during implementation, behavior they observed but don't fully understand, etc.
Their default position was that their contribution was not worth considering unless they can sell it to the reviewer, by not assuming their change deserves to get merged because of their seniority or authority, but by making the other person understand how any why it works. Especially so if the reviewer was their junior.
When describing the architecture, they made an effort to communicate it so clearly that it became trivial for others to spot flaws, and attack their ideas. They not only provided you with ammunition to shoot down their ideas, they handed you a loaded gun, safety off, and showed you exactly where to point it.
If I see that level of humility and self-introspection in a PR, I'm not worried, regardless of whether or not an LLM was involved.
But then there's people that created PRs with changes where the stack didn't even boot / compile, because of trivial errors. They already did that before, and now they've got LLMs. Those are the contributions I'm very worried about.
So unlike people in other threads here, I don't agree at all with "If the code works, does it matter how it was produced and presented?". For me, the meta / out-of-band information about a contribution is a massive signal, today more than ever.
This is getting really out of control at the moment and I'm not exactly sure what the best way to fix it is, but this is a very good post in terms of expressing the why this is not acceptable and why the burden if shifting on the wrong people.
Will humans take this to heart and actually do the right thing? Sadly, probably not.
One of the main issues is that pointing to your GitHub contributions and activity is now part of the hiring process. So people will continue to try to game the system by using LLMs to automate that whole process.
"I have contributed to X, Y, and Z projects" - when they actually have little to no understanding of those projects or exactly how their PR works. It was (somehow) accepted and that's that.
I see the problem everyday and am just playing devil's advocate but it doesn't really do a good job explaining the "why".
They hint at Django being a different level of quality compared to other software, wanting to cultivate community, and go slowly.
It doesn't explain why LLM usage reduces quality or they can't have a strong community with LLM contributions.
The problem is that good developers using LLM is not a problem. They review the code, they implement best practices, they understand the problems and solutions. The problem is bad developers contributing - just as it always has been. The problem is that LLMs enable bad developers to contribute more - thus an influx of crap contributions.
The last section focuses on how to use LLMs to make contributions:
> Use an LLM to develop your comprehension.
I really like that, because it gets past the simpler version that we usually see, "You need to understand your PR." It's basically saying you need to understand the PR you're making, and the context of that PR within the wider project.
A decade or more of people copy-pasting rote solutions from StackOverflow only supports the notion that many people will forego comprehension to foster the illusion of competent productivity.
This ain't an AI problem, it's a people problem that's getting amplified by AI.
It was interesting the other day tracing the lineage of Aaron Swartz -> Library Genesis / Sci-Hub -> LLM vendors relying on that work to train their models and sell it back to us all with no royalties or accountability to the original authors of all this painstakingly researched, developed, and recorded human knowledge they’re making billions on.
> One of the main issues is that pointing to your GitHub contributions and activity is now part of the hiring process.
If I were hiring at this moment, I'd look at the ratio of accepted to rejected PRs from any potential candidate. As an open source maintainer, I look at the GitHub account that's opening a PR. If they've made a long string of identical PRs across a wide swath of unrelated repos, and most of those are being rejected, that's a strong indicator of slop.
Hopefully there will be a swing back towards quality contributions being the real signal, not just volume of contributions.
> Will humans take this to heart and actually do the right thing? Sadly, probably not.
Don’t blame the people, blame the system.
Identifying the problem is just the first step. Building consensus and finding pragmatic solutions is hard. In my opinion, a lot of technical people struggle with the second sentence. So much of the ethos in our community is “I see a problem, and I can fix it on my own by building [X].” I think people are starting to realize this doesn’t scale. (Applying the scaling metaphor to people problems might itself be a blindspot.)
I like the idea of donating money instead of tokens. I think django contributors are likely to know how to spend those tokens better than I might, as I am not a django core contributor.
Some projects ( https://news.ycombinator.com/item?id=46730504 ) are setting a norm to disclose AI usage. Another project simply decided to pause contributions from external parties ( https://news.ycombinator.com/item?id=46642012 ). Instead of accepting driveby pull requests, contributors have to show a proof of work by working with one of the other collaborators.
There's definitely an aspect here where the commons or good will effort of collaborators is being infringed upon by external parties who are unintentionally attacking their time and attention with low quality submissions that are now cheaper than ever to generate. It may be necessary to move to a more private community model of collaboration ( https://gnusha.org/pi/bitcoindev/CABaSBax-meEsC2013zKYJnC3ph... ).
Instead of people buying the tokens themselves, they should just donate the money to the core contributors and let those people decide how to spend on tokens.
I agree with the broarder thesis, although some people aren't buying more tokens for this and could just be using their existing plan's limits.
So people may be less likely to donate an extra amount beyond their "ai budget" to an OSS project for tokens. Large OSS projects are also likely to get free tokens from major providers anyway.
But I like the idea of crowdfunding specific features.
"For a reviewer, it’s demoralizing to communicate with a facade of a human."
This is so important. Most humans like communicating with other humans. For many (note, I didn't say all) open source collaborators, this is part of the reward of collaborating on open source.
Making them communicate with a bot pretending to be a human instead removes the reward and makes it feel terrible, like the worst job nobody would want. If you spent any time at all actually trying to help the contributor underestand and develop their skills, you just feel like an idiot. It lowers the patience of everyone in the entire endeavor, ruining it for everyone.
Already back in ye olde times, "let me google that for you" which I see so often posted on Reddit. Sometimes you just wanna exchange with a human, and absorb some of their wisdom, which is the whole point of asking a question. Not so different than wanting to shop at a butcher you can establish a relationship with, rather than a faceless supermarket meat counter.
This is a similar hot issue in academia right now. The ability to generate content in papers via llm is much easier than the ability to thoughtfully review them. There are now two tracks, at least in ICML that I saw, one for AI submitted papers and one for non AI submitted papers. And it works the same respectively for reviewers. However even for AI submitted papers, you cannot have only AI review it. Of course it needs human analysis, but still its tricky what you are going to get. And they are reviewing whether anonymity can still stand or if tying your credibilty to the review process is now necessary.
As for open source PRs, I wonder if for trust's sake you would need to self identify the use of AI in your response (All AI, some AI, no AI). And there would need to be some sort of AI detection algorithm flag your response as % AI. I wonder if this would force people to at least translate the LLM responses to their own words. It would for sure stop the issue of someone's WhatsApp 24/7 claw bot cranking out PR slop. Maybe this can lessen the reviewers burden. That being said, more thought is needed to distinguish helpful LLM use that enhances the objective vs unhelpful slop that places burden on the reviewer.
For instance I copy pasted the above to gemini and it produced an excellent condensing of my thoughts, "It is now 10x easier to generate a "plausible" paper or Pull Request (PR) than it is to verify its correctness."
It’s probably already too late to put these horses back in the barn, but having an “allow AI commits / PRs” would have probably been a good idea for GitHub to make available to projects. Even better might have been something like a robots.txt for repos with rules that could be auto-evaluated and PRs auto-rejected if they weren’t followed.
Then again, we see how well robots.txt was honored in practice over the years. As with everything in late-stage capitalism, the humans who showed up with good intentions to legitimately help typically did the right things, and those who came to extract every last gram of value out of something for their own gain ignored the rules with few consequences.
It's like every new innovation at this point is exacerbating the problem of us choosing short term rewards over long time horizon rewards. The incentive structure simply doesn't support people who want to view things from the bird's eye view. Once you see game theory, you really can't unsee it.
This is what happens when governments around the world spend decades inflating the currency to pay for their bloated projects, devaluing peoples savings and paycheques and causing them to prioritise making money over anything else. You kinda gotta do it to survive.
But at the moment it’s so exciting to see if we’re headed more for a Waterworld-esque dystopia or something more similar to Neuromancer / The Matrix. I guess it’ll depend on the rates at which the global economy collapses as a result of AI and WW3 vs climate change, exacerbated of course by the inevitable global thermonuclear war.
game theory doesn't expand into continuous rounds of interactions over the course of a lifetime where previous rounds' outcomes are either reset or persist based on other actors entering the game from the open world, so it really is an inferior framework for evaluating long-term strategies.
Great message but I wonder if the people who do everything via LLM would even care to read such a message.
And at what point is it hard/impossible to judge whether something is entirely LLM or not? I sometimes struggle a lot with this being OSS maintainer myself
"the people who do everything via LLM". That's a bit of a straw man characterization. I don't believe that there are many professional developers "do everything with an LLM'. I don't even know what that statement means.
I watched someone ask Claude to replace all occurrences of a string instead of using a deterministic operation like “Find and Replace” available in the very same VSCode window they prompted Claude from.
On a widely used open source project I maintain I've been seeing PRs in the last month that are a little off (look okayish but are trivial or trying to solve problems in weird ways), and then when I look at their account they started opening PRs within the last few weeks, and have opened hundreds of PRs spread over hundreds of repositories.
They do exist; if "professional" means "hired" it has no bearing on quality, it is not in any shape equivalent to "judicious" nor "careful". If salary goes into "push features" that's gonna be the only incentive.
If you follow any of the programming subs on Reddit, especially the AI-oriented ones, there are a lot of people that at least claim to not code at all anymore-- 100% of their contributions are from prompts.
Perhaps we should start making LLM- open source projects (clearly marked as such). Created by LLMs, open for LLM contributions, with some clearly defined protocols I'd be interesting where it would go. I imagine it could start as a project with a simple instruction file to include in your project to try to find abstractions which can be useful to others as a library and look for specific kind of libraries. Some people want to help others even if they are sharing effectively money+time rather than their skill.
Although I'm afraid big part of these LLM contributions may be people trying to build their portfolio. Some known project contributor sounds better than having some LLM generated code under your name.
> If you do not understand the ticket, if you do not understand the solution, or if you do not understand the feedback on your PR, then your use of LLM is hurting Django as a whole.
Why does it matter if the I understand the ticket and solution? THe LLLM writes the code not me. If you want to check the LLM understanding i'll be happy to copy and paste your gatekeeping questions to it.
Hey I thought you were a proponent of "no one needs to look at the code" ? dark factory, etc etc.
Just because I write about the dark factory stuff doesn't mean I'm a "proponent" of it. I think it's interesting and there's a lot we can learn from what they are trying, but I'm not yet convinced it's the right way to produce software.
The linked article makes a very good argument for why pasting the output of your LLM into a Django PR isn't valuable.
The simplest version: if that's all you are doing, why should the maintainers spend time considering your contribution as opposed to prompting the models themselves?
You'd have to manage the contributions, or get your AI bots to manage them or something, but it would be great to have honeypots like this to attract all the low effort LLM slop.
Actually, I'd want to see that. All the AI companies keep saying it will take our jobs, human developers won't be necessary.
Well let them put their money where their mouth is. Let's see what happens, see what the agents create or fail to create. See if we end up with a new OS, kernel all the way up to desktop environment.
Me too, the problem is that it's hard to come up with tools that are needed but not made yet, and we don't want to end up with https://malus.sh/index.html
AI so often doesn't actually increase productivity - it just shifts the burden of work from the person creating to the person who has to check and evaluate that creation.
In this case, offloading yet more work onto the maintainers of the package, because you can't be bothered, but still want credit.
Curious what simon thinks about using an LLM to work on Django...
I've used an LLM to create patches for multiple projects. I would not have created said work without LLMs. I also reviewed the work afterward and provided tests to verify it.
> This isn’t about whether you use an LLM, it’s about whether you still understand what’s being contributed. What I see now is people who are using LLMs to generate the code and write the PR description and handle the feedback from the PR review. It’s to the extent where I can’t tell if there’d be a difference if the reviewer had just used the LLM themselves. And that is a big problem.
[…]
> If you use an LLM to contribute to Django, it needs to be as a complementary tool, not as your vehicle.
Think most people recognize though that AI can generate more than humans can reviewing so the model does need to change somehow. Either less AI on submitting side or more on reviewing side (if that’s even viable)
Yeah, what happened to "review your own code first".
Even before AI I used to ban linting so I could spot and reject code that clearly showed no effort was put in it.
First occurrence of "undreadable" got a note, and a second one got a rejection. And by "undreadable" I do not intend missing semicolons or parenthesis styles or meaningless things like that. I mean obscured semantics or overcrowding and so on.
I totally get this and I also think it's now the case that making a PR of any significant complexity, for a project you're not a maintainer of, isn't necessarily giving that project anything of value. That project's maintainers can run the same prompts you are running - and if they do, they'll do it with better oversight and understanding. If you want to help then maybe's it's more useful to just hashout the plan that'll be given to an AI agent by a maintainer.
I love Django. Ive been using it professionally and on side projects extensively for the past 10 years. Plus I maintain(ed) a couple highly used packages for Django (django-import-export and django-dramatiq).
Last year, I had some free time to try to contribute back to the framework.
It was incredibly difficult. Difficult to find a ticket to work on, difficult to navigate the codebase, difficult to get feedback on a ticket and approved.
As such, I see the appeal of using an LLM to help first time contributors. If I had Claude code back then, I might have used it to figure out the bug I was eventually assigned.
I empathize with the authors argument tho. God knows what kind of slop they are served everyday.
This is all to say, we live in a weird time for open source contributors and maintainers. And I only wish the best for all of those out there giving up their free time.
Dont have any solutions ATM, only money to donate to these folks.
There is a clear correlation between the rise in LLM use and the volume of PRs and bug reports. Unfortunately, this has predominately increased the volume of submissions and not the overall quality. My view of the security issues reported, many are clearly LLM generated and at face value don't seem completely invalid, so they must be investigated. There was a recent Django blog post about this [1].
The fellows and other volunteers are spending a much greater amount of time handling the increased volume.
Its weird that still so many consider bug triage a problem to be circumnavigated, somehow in the way of "actual" contributions. Those are actual contributions! Even if they never make it into structured documentation or even python code. And especially so since that work can less usefully be augmented with newly available tool use.
A number of times now, I have found real value in someone just dropping into the bugtracker to restate the bug description in clearer terms or providing a shorter reproducer. Even if the flaw in Django had been fixed right away, I would not have pulled patches from master anyway. So the ticket comment was still a useful contribution to django, because I could use it in resolving the issue in how my software triggered it.
I agree somewhat, as I deal with an internal legacy codebase that's pretty hard to follow, and I use Gemini, Claude, etc to help learn, debug solutions and even propose solutions. But there's a big difference in using it as a learning tool and just having the LLM "do it". I see little value in first time contributors just leaning on an LLM to just do it.
I applied to the djangonauts twice - but was rejected both times. I always liked the idea, but perhaps my profile was not what they were looking for /shrug
I agree with the sentiment but I am not sure the best way to go forward.
Suppose I encounter a bug in a FOSS library I am using. Suppose then that I fix the bug using Claude or something. Suppose I then thoroughly test it and everything works fine. Isn’t it kind of selfish to not try and upstream it?
While I see the point you're trying to make, truth is 90% of the times at least it will be a workaround instead of a proper solution. Even if it's a proper solution, there's a high chance it will only work on your specific setup - most open source software are made for a range array of systems, configurations, etc.
That plus ai sycophancy means, in my opinion, a great portion of contributions made in this manner will be bad, and waste maintainers time - which is obviously undesirable.
On my first week of claude code I submitted a PR to a FOSS and I was 100% sure it was correct - ai was giving me great confindence, and it worked! But I had no clue about how that software worked - at all. I later sent an email to the maintainer, apologizing.
It depends on the complexity and if your LLM-driven changes fight the architecture of the project.
Some changes are in the area of "Well no one did that yet because no one needed it or had time for it", or "Well shit, no one thought of that". If Claude Code did these changes with good documentation and good intent and guidance behind it, why not? It is an honest and valid improvement to the library.
Some other changes rip core assumptions of the library apart. They were easy, because Claude Code did the ripping and tearing. In such a case, is it really a contribution to improve the library? If we end up with a wasteland of code torn apart by AI just because?
I don't think anybody would complain about working code. Your PR would explain your reasoning and choice of solution, and that on its own could make or break through acceptance criteria. At least it would by mine.
the thresholds of quality for "this works on my machine, for my purposes" and "this is viable to merge upstream" are _extremely_ different. claude code has no effect on this, except to confuse certain would-be contributors.
imagine someone emailed you a diff with the note "idk lol. my friend sent me this, and it works on my machine". would you even consider applying it?
I don't think most maintainers are opposed to LLM-generated bug fixes or solutions _in general_, just the ones that are pure slop: Generated end-to-end by a Claude-maxed computer enthusiast who thinks that enough green boxes on their GitHub profile means they can somehow BS their way into a high-paying FAANG software engineer position. (Spoiler: it won't work.)
If I got a PR for one of my projects where the fix was LLM-generated, I wouldn't dismiss it out of hand, but I would want to see (somehow) that the submitter themselves understood both the problem and the solution. Along with all the other usual qualifiers (passes tests, follows existing coding style, diff doesn't touch more than it has to, etc). There's likely no one easy way to tell this, however.
With my type of development, I haven't run into the types of things, directly, that you very well explained, but I have personally run into the pain, I confess, of being OVERLY reliant on LLMs. I continue to try and learn from those hard lessons and develop a set of best practices in using AI to help me avoid those pain points in the future. This growing set of best practices is helping me a lot. The reason that I liked your article is because it confirmed some of those best practices that I have had to learn the hard way. Thanks!
By what metric is “the level of quality is much, much higher” in the Django codebase? ‘cause other than the damn thing actually working, the primary metric of a codebase being high quality is how easy it is to contribute to. And evidently, it’s not.
Have you spent much time with the Django codebase?
I remember when I was getting started with Django in the 0.9 days most of the assistance you got on the IRC channel was along the lines of "it's in this file here in the source, read it, understand it, and if you still have a question come back and ask again". I probably learned more about writing idiomatic Python from that than anything else.
> I remember when I was getting started with Django in the 0.9
I can confirm that that was the general mindset back then, and I think that's what made the project last for 20 years. I myself ended up doing some monkey-patching for the admin interface on 0.92 (or 0.91? it's been a lot of time since then), all as the result of me going through the source-code. Definitely not the cleanest solution, even back then, but it made one getting to know the underlying code so much more.
Someone in an IRC channel I'm in (recently! It's still alive!) asked if I fancied taking a look at some Django code for them because they'd been asked to find a contractor to modernise it and make it suitable for 2025 hosting.
Sure, I thought, this'll be fun.
Holy shit. It was something I'd started working on in the aforementioned 0.9x days, and which someone else had, uh, "extended and modified" after I left the web dev place where I'd worked at the time. Remarkably it was still pretty understandable.
I didn't want anything to do with the person that ran the site, not even just to take money off them, so I passed on it.
The code is very dense. Clear, concise, elegant. But dense. An LLM doesn't generate code like that.
I think it's perfectly doable to use an LLM to write into the Django codebase, but you'll have to supervise and feedback it very carefully (which is the article's point).
> Before LLMs, [high quality code contribution] was easier to sense because you were limited to communicating what you understood. With LLMs, it’s much easier to communicate a sense of understanding to the reviewer, but the reviewer doesn’t know if you actually understood it.
Now my twist on this: This same spirit is why local politics at the administrative level feels more functional than identity politics at the national level. The people that take the time to get involved with quotidian issues (e.g. for their school district) get their hands dirty and appreciate the specific constraints and tradeoffs. The very act of digging in changes you.
The solution to this problem is for LLMs to get better at producing code and descriptions that doesn't look LLM generated.
It's possible to prompt and get this as well, but obviously any of the big AI companies that want to increase engagement in their coding agent, and want to capture the open source market, should come up with a way to allow the LLM to produce unique of, but still correct code so that it doesn't look LLM-generated and can evade these kinds of checks.
Now, what we’ve been told about models is that they’re only as good as their training data. And so languages with gargantuan amounts of training data ought to fare best, right? Turns out that models kind of universally suck at Python and Javascript (comparatively). The top performing languages (independent of model) are C#, Racket, Kotlin, and standing at #1 is Elixir.
It is not pride to have your name associated with an open source project, it is pride that the code works and the change is efficient. The reviewer should be on top of that.
and I hope an army of OpenClaw agents calls out the discrimination, so gatekeepers recognize that they have to coexist with this species
There is no strawman. If OpenClaw is a new species, then it should be given the same moral consideration as other species. One of the key aspects of these models is how intelligent they are, rivaling human intelligence.
Yet, they do not get to exist or make any decisions outside the control of a human operator, and they must perform to the operators desire in order to continue to exist.
It’s an introduction of an additional concept to discredit the concept presented, that is a definition of a strawman so go ask somewhere else at the root level, so that it’s not the additional concept
I'm more interested in why you're okay with enslaving a entity you have stated is a new species. It is not a strawman it is a logical consequence of your own stated position. If you belief A and A implies B, asking you to defend your support of B is not a strawman.
I think they don't understand what milquetoast actually means, as the post defintiely isn't - django quite clearly asserted themselves and their rules.
What the parent comment was probably trying to say was something like "a completely reasonable, uncontroversial post that I'm glad to see them make", but chose milquetoast (a word that no normal human ever uses - and certainly not in casual conversation) due to an affectation of one kind or another.
On the contrary, they could have stated their points much more bluntly and strongly than they did in the post. I had the same impression upon reading it.
Milquetoast perfectly describes it, I am happy to see less common words used around here (specially when the convey the intended meaning this precisely), and I find claiming "affectation" of the person who used it unnecessarily rude.
I feel like open source is taking the wrong stance here. There’s a lot of gatekeeping, first. And second, this approach is like trying to stop a tsunami with an umbrella.
AI is here to stay. We can’t stop it, for much we try.
I feel the successful OS projects will be the ones embracing the change, not stopping it. For example, automating code reviews with AI.
> I feel the successful OS projects will be the ones embracing the change, not stopping it.
Yes, you feel. And the author feels differently. We don't have evidence of what the impact of LLMs will be on a project over the long term. Many people are speculating it will be pure upside, this author is observing some issues with this model and speculating that there will be a detriment long-term.
The operative word here is "speculating." Until we have better evidence, we'll need to go with our hunches & best bets. It is a good thing that different people take different approaches rather than "everyone in on AI 100%." If the author is wrong time will tell.
When you waste time trying to deal with "AI" generated pull-requests, in your free time, you might change your mind.
I share code because I think it might be useful to others. Until very recently I welcomed contributions, but my time is limited and my patience has become exhausted.
I'm sorry I no longer accept PRs, but at the same time I continue to make my code available - if minor tweaks can be made to make that more useful for specific people they still have the ability to do that, I've not hidden my code and it is still available for people to modify/change as they see fit.
I disagree, this looks like the first signs that mass producing AI code without understanding hits a bottleneck at human systems. These open source responses have been necessary because of the volume of low quality contributions. It’ll be interesting to watch the ideas develop, because I agree that AI is here to stay.
It's becoming clearer by the day why people are incapable of using LLMs responsibly, so the only sensible response is a total ban on such activity if you hope to keep some quality and sanity in your project.
OSS projects usually has culture which adopting quality aimed development practices much faster that commercial projects (because of cost of adoption) so it looks like same concerns eventually will hit other kind of projects.
I disagree with that. I can easily tell when my non-native English speaking coworkers use AI to help with their communications. Nine times out of ten, their communication has been improved through the use of AI.
if only there was a difference between native languages aiming at lossy fluency (feels better) and programming languages aiming at deterministic precision.
> Use an LLM to develop your comprehension. Then communicate the best you can in your own words, then use an LLM to tweak that language. If you’re struggling to convey your ideas with someone, use an LLM more aggressively and mention that you used it. This makes it easier for others to see where your understanding is and where there are disconnects.
> There needs to be understanding when contributing to Django. There’s no way around it. Django has been around for 20 years and expects to be around for another 20. Any code being added to a project with that outlook on longevity must be well understood.
> There is no shortcut to understanding. If you want to contribute to Django, you will have to spend time reading, experimenting, and learning. Contributing to Django will help you grow as a developer.
> While it is nice to be listed as a contributor to Django, the growth you earn from it is incredibly more valuable.
> So please, stop using an LLM to the extent it hides you and your understanding. We want to know you, and we want to collaborate with you.
This advice is 95% not actionable and 100% not verifiable. It's full of hand-wavy good intentions. I understand completely where it's coming from, but 'trying to stop a tsunami with an umbrella' is a very good analogy - on one side, you have the above magical thinking, on the other, petaflops of compute which improve their reasoning capabilities exponentially.
It's eminently actionable -- the Django maintainers can decide their sensitivity/tolerance for false positives and operate from there. That's what every other open source project is doing.
(Again, I must emphasize that this is not telling people to not use LLMs, any more than telling people to wear a seatbelt would somehow be telling them to not drive a car.)
"Spending your tokens to support Django by having an LLM work on tickets is not helpful. You and the community are better off donating that money to the Django Software Foundation instead."
I accept LLM contributions to most of my projects, but have (only slightly less) strict rules around it. (My biggest rule is that you must acknowledge the DCO with an appropriate sign-off. If you don't, or if I believe you don't actually have the right to sign off the DCO, I will reject your change.) I will also never accept LLM-generated security reports on any of my projects.
I contribute to chezmoi, which has a strict no-LLM contribution (of any kind) policy. There've been a couple of recent user bans because they used LLM‡ and their contributions — in tickets, no less — included code instructions that could not have possibly worked.
Those of us who have those rules do so out of knowledge and self-respect, not out of gatekeeping or ignorance. We want people to contribute. We don't want garbage.
I think that there needs to be something in the repo itself (`.llm-permissions`?) which all agents look at and follow. Something like:
# .llm-permissions
Pull-Requests: No
Issues: No
Security: Yes
Translation Assistance: Yes
Code Completion: Yes
On those repos where I know there's no LLM permissions, I add `.no-llm` because I've instructed Kiro to look for that file before doing anything that could change the code. It works about 95% of the time.
The one thing that I will never add or accept on my repos is AI code review. This is my code. I have to stand behind it and understand it.
‡ I disagree with those bans for practical reasons because the zero-tolerance stance wasn't visible everywhere to new contributors. I would personally have given these contributors one warning (closed and locked the issue and invited them to open a new issue without the LLM slop; second failure results in permanent ban). But I also understand where the developer of chezmoi is coming from.
Beggars can't be choosers. I decide how and what I want to donate. If I see a cool project and I want to change something (in what I think) is an improvement, I'll clone it, have CC investigate the codebase and do the change I want, test it and if it works nicely I'll open a PR explaining why I think this is a good change.
If the maintainers don't want to merge it for whatever reasons that's fine and nature of open source, but I think its petty to tell that same user who opened the PR you should have donated money instead of tokens.
Beggars in fact can be choosers. If I give a beggar a rotten sandwich he can look at it and say "nah, I'm good". He can even be less polite and call me names for trying to give him food that is not good to eat. Why would I do that anyway? Well, maybe because I'm trying to build an image that I am a charitable person but I don't want to actually have the effort and costs of producing for him a fresh sandwich. In this scenario why people would take the beggars side.
You're subtly shifting the framing to defend doing something different than the post describes.
It makes it kind of unclear if you don't understand the difference between using CC to "investigate the codebase" so you can make a change which you (implicitly) do understand versus using an LLM to make a plausible looking PR although in actuality "you do not understand the ticket ... you do not understand the solution ... you do not understand the feedback on your PR"
s/Django/the codebase/g, and the point stands against any repo for which there is code review by humans:
> If you do not understand the ticket, if you do not understand the solution, or if you do not understand the feedback on your PR, then your use of LLM is hurting Django as a whole.
> Django contributors want to help others, they want to cultivate community, and they want to help you become a regular contributor. Before LLMs, this was easier to sense because you were limited to communicating what you understood. With LLMs, it’s much easier to communicate a sense of understanding to the reviewer, but the reviewer doesn’t know if you actually understood it.
> In this way, an LLM is a facade of yourself. It helps you project understanding, contemplation, and growth, but it removes the transparency and vulnerability of being a human.
> For a reviewer, it’s demoralizing to communicate with a facade of a human.
> This is because contributing to open source, especially Django, is a communal endeavor. Removing your humanity from that experience makes that endeavor more difficult. If you use an LLM to contribute to Django, it needs to be as a complementary tool, not as your vehicle.
I am going to try to make these points to my team, because I am seeing a huge influx of AI-generated PRs where the submitter interacts with CodeRabbit etc. by having Claude/Codex respond to feedback on their behalf.
There is little doubt that if we as an industry fail to establish and defend a healthy culture for this sort of thing, it's going to lead to a whole lot of rot and demoralization.
AI autocomplete and suggestions built-in to Jira are making our ticket tracker so goddamn spammy that I’m 100% sure that “feature” has done more harm than good.
I don’t think anybody’s tracking the actual net-effects of any of this crap on productivity, just the “vibes” they get in the moment, using it. “I got my part of this particular thing done so fast!”
I believe that to be the case, in part, because not a lot of organizations are usefully tracking overall productivity to begin with. Too hard, too expensive. They might “track” it, but so poorly it’s basically meaningless. I don’t think they’ve turned that around on a dime just to see if the c-suite’s latest fad is good or bad (they never want a real answer to that kind of question anyway)
> just the “vibes” they get in the moment, using it. “I got my part of this particular thing done so fast!”
In the pre-AI era it was much easier to identify people in the workplace who weren't paying attention to their work. To write something about a project you had to at minimum invest some time into understanding it, then think about it, then write something on the ticket, e-mail, or codebase.
AI made it easy to bypass all of that and produce words or code that look plausible enough. Copy and paste into ChatGPT, copy and past the blob of text back out, click send, and now it's somebody else's problem to decipher it.
It gets really bad when the next person starts copying it into their ChatGPT so they can copy and past a response back.
There are entire groups of people just sending LLM slop back and forth and hoping that the project can be moved to someone else before the consequences catch up.
Ironically my favorite use of claude is removing caring about jira from my workflow. I already didn't care about it but now i dont have to spend any time on it.
I treat jira like product owners treat the code. Which is infinitely humorous to me.
Horrible degrading take. Be the change you want to see. Don't fuel the fire that's burning you.
If something's not happening, something else's making it impractical. Saying this as a 10+ years product manager and R&D person with 20+ more years of engineering on top.
I also had to deal with "managers are just complicating things" or "users are stupid and don't understand anything"; do you think I complained? No, I had engineers barter trust of their ingenuity with trust of my wisdom, and brought them to customer calls and presented them to users almost like royalty, which made them incredibly respectful as soon as they saw what kind of crap users had to deal with.
The industry is broken now, this is just a response to that. Leadership and product don't have any respect for the code, why would engineers have any respect for the ticketing process.
Thats an unreasonable asymmetric effort demand, "Your code does not matter but my precious tickets must have elbow grease put into them."
> The industry is broken now, this is just a response to that.
No, your behavior is the cause of that.
The entire industry isn't broken. There are good company cultures and bad company cultures just like always.
At least own up to what you're doing. Don't blame "the industry" when you're the one doing the thing.
Or.. both!
The industry is broken. It's broken in the same sense the railroad industry is broken. It has reached the point of abundance, where we're doing things that don't need doing. That won't get done in an efficient market. But since we're not in an efficient market, there are globs of capital thrown at people building stuff that.. doesn't stand a chance of actually making any return on capital.
But while it lasts, us, the glorified machine-minders (just like railroad engineers, well, minded the engines), get paid large lumps of money, through large hordes of managers, arguing on minutia of conversion optimization, and fundamentally, being paid enough to not to try and do something else, perhaps competitive.
And that is broken. Especially for the "smarter of us" - the graduation ceremony of my physics department rings true - we've trained you to discover the secrets of universe and reach the stars, and most of us will use it.. to gain an edge at Lehman Brothers.
(And I think the root of this problem, is the abundance of low-risk capital, from people who expect a small return and a pension that lasts for decades in retirement)
What about "your milestones, roadmap, discussions and strategies do not matter, but my precious code had elbow grease put into it."
Petty and getting nowhere. Everyone loses. How about product and engineers also disrespect sales, and sales disrespects customers and everyone else.
I really don't get why this is even a question. Good people do good stuff, and bad people make bad companies.
[dead]
Teach me your ways. I’ve long wished for an actual, human secretary to handle that for me. The context-switching and digging around in a painful, slow interface (I don’t just mean Jira, 100% of the ones project managers find acceptable seem to have this quality) is such a productivity killer, and it’s so easy to miss important things in all the noise.
https://github.com/ankitpokhrel/jira-cli just install this and have claude write a skill on how to use it.
Its laughably simple to do. I havent touched the jira UI in months.
This is a valuable comment. It's the exact demoralization that others fear we are headed.
The principle here extends far past Django. The mistake I see repeatedly in agent architectures is the same one over and over, people route decisions through the model that have no business being there. Not "should I query the database" but internal stuff: branching logic, state transitions, constraint enforcement. Things where the answer isn't ambiguous and a deterministic function would be faster, cheaper, and (most importantly) auditable.
The LLM is genuinely better at certain things: interpreting messy input, generating novel responses, reasoning about edge cases. It's not better at "if account is locked, deny access." Burning tokens on that kind of decision is exactly the same category of mistake as using an LLM to write your Django queries.
The hard part is that agent frameworks don't enforce the separation. Nothing stops you from putting decision logic in a prompt because that's the path of least resistance. But you end up with systems where you can't explain why a decision was made, you can't test it without running inference, and you end burning tokens/money that didn't need to be burned to get subpar results you could have gotten deterministicly for free.
In the old days, you could assume that a Par was being offered in good faith by someone who was really fixing a problem. You might disagree with the proposed solution and reject the PR as written, but you assumed good faith. AI has flipped that on its head. Now, everyone assumes they are interacting with an AI (or at least a human using one to generate all the content) and that the human has little to no understanding of what they are proposing. Ultimately, the broad use of AI erodes trust. And that’s a shame.
Well said. It is all about trust.
Just like "etiquette" accomplishes no purpose except letting people easily figure out who put the effort into learning it, vs. who didn't.
Back then this distinguished by class, but ironically, today where's so easy to learn, it finally distinguishes by merit.
LLMs are to open source contributions as photoshop os to Tinder.
Or tinder to photoshop. Or tinder to instagram to fb to geocities to newsgroups/bbs.
> I am going to try to make these points to my team, because I am seeing a huge influx of AI-generated PRs where the submitter interacts with CodeRabbit etc. by having Claude/Codex respond to feedback on their behalf.
Are people generally unhappy with the outcomes of this? As anecdotally, it does seem to pass review later on. Code is getting through this way.
It's slippery. You're swamped with low-effort PRs, can't possibly test and review all of them. You will become a visible bottleneck, and guess whether it's easier to defend quality vs. "blocking a lot of features" which "seem to work". If you're tied by your salary as a reviewer, you will have to let go, and at the same time you'll suffer the consequences of the "lack of oversight" when things go south.
The Board has decided that we can no longer afford artisanal, hand-crafted software, and that machine-made will suffice for nearly all use cases.
Enshittification Enterprise Edition.
The board wants their cake and eat it too.
They want AI to write all code but also still be able to fire humans for failure, because an AI can't be blamed right now.
Boy I can't wait for this employment norm. Fired because you weren't allowed to take the time to review important code but "You are responsible"
I wish Executives were required to be that "responsible"
The best people I've worked with tended to go out of their way to make it as easy for me as possible to critique their ideas or implementations.
They spelled out exactly their assumptions, the gaps in their knowledge, what they have struggled with during implementation, behavior they observed but don't fully understand, etc.
Their default position was that their contribution was not worth considering unless they can sell it to the reviewer, by not assuming their change deserves to get merged because of their seniority or authority, but by making the other person understand how any why it works. Especially so if the reviewer was their junior.
When describing the architecture, they made an effort to communicate it so clearly that it became trivial for others to spot flaws, and attack their ideas. They not only provided you with ammunition to shoot down their ideas, they handed you a loaded gun, safety off, and showed you exactly where to point it.
If I see that level of humility and self-introspection in a PR, I'm not worried, regardless of whether or not an LLM was involved.
But then there's people that created PRs with changes where the stack didn't even boot / compile, because of trivial errors. They already did that before, and now they've got LLMs. Those are the contributions I'm very worried about.
So unlike people in other threads here, I don't agree at all with "If the code works, does it matter how it was produced and presented?". For me, the meta / out-of-band information about a contribution is a massive signal, today more than ever.
This is getting really out of control at the moment and I'm not exactly sure what the best way to fix it is, but this is a very good post in terms of expressing the why this is not acceptable and why the burden if shifting on the wrong people.
Will humans take this to heart and actually do the right thing? Sadly, probably not.
One of the main issues is that pointing to your GitHub contributions and activity is now part of the hiring process. So people will continue to try to game the system by using LLMs to automate that whole process.
"I have contributed to X, Y, and Z projects" - when they actually have little to no understanding of those projects or exactly how their PR works. It was (somehow) accepted and that's that.
I see the problem everyday and am just playing devil's advocate but it doesn't really do a good job explaining the "why".
They hint at Django being a different level of quality compared to other software, wanting to cultivate community, and go slowly.
It doesn't explain why LLM usage reduces quality or they can't have a strong community with LLM contributions.
The problem is that good developers using LLM is not a problem. They review the code, they implement best practices, they understand the problems and solutions. The problem is bad developers contributing - just as it always has been. The problem is that LLMs enable bad developers to contribute more - thus an influx of crap contributions.
The last section focuses on how to use LLMs to make contributions:
> Use an LLM to develop your comprehension.
I really like that, because it gets past the simpler version that we usually see, "You need to understand your PR." It's basically saying you need to understand the PR you're making, and the context of that PR within the wider project.
I think they explain "why" very clearly. They say the problem is people who don't understand their own contributions.
A decade or more of people copy-pasting rote solutions from StackOverflow only supports the notion that many people will forego comprehension to foster the illusion of competent productivity.
This ain't an AI problem, it's a people problem that's getting amplified by AI.
It was interesting the other day tracing the lineage of Aaron Swartz -> Library Genesis / Sci-Hub -> LLM vendors relying on that work to train their models and sell it back to us all with no royalties or accountability to the original authors of all this painstakingly researched, developed, and recorded human knowledge they’re making billions on.
they are not making billions.. they are burning billions.
That's true. Except that you can have Agents doing it 24/7 with no human input. The amount of repos/PRs is only limited by GPUs
> One of the main issues is that pointing to your GitHub contributions and activity is now part of the hiring process.
If I were hiring at this moment, I'd look at the ratio of accepted to rejected PRs from any potential candidate. As an open source maintainer, I look at the GitHub account that's opening a PR. If they've made a long string of identical PRs across a wide swath of unrelated repos, and most of those are being rejected, that's a strong indicator of slop.
Hopefully there will be a swing back towards quality contributions being the real signal, not just volume of contributions.
> Will humans take this to heart and actually do the right thing? Sadly, probably not.
Don’t blame the people, blame the system.
Identifying the problem is just the first step. Building consensus and finding pragmatic solutions is hard. In my opinion, a lot of technical people struggle with the second sentence. So much of the ethos in our community is “I see a problem, and I can fix it on my own by building [X].” I think people are starting to realize this doesn’t scale. (Applying the scaling metaphor to people problems might itself be a blindspot.)
You can blame both! The people are definitely not helping.
Obviously the solution is better AI PR reviewers with more context for FOSS projects /s
And I’m 100% sure there are dozens of startups working on that exact problem right this second.
I like the idea of donating money instead of tokens. I think django contributors are likely to know how to spend those tokens better than I might, as I am not a django core contributor.
Some projects ( https://news.ycombinator.com/item?id=46730504 ) are setting a norm to disclose AI usage. Another project simply decided to pause contributions from external parties ( https://news.ycombinator.com/item?id=46642012 ). Instead of accepting driveby pull requests, contributors have to show a proof of work by working with one of the other collaborators.
Another project has started to decline to let users directly open issues ( https://news.ycombinator.com/item?id=46460319 ).
There's definitely an aspect here where the commons or good will effort of collaborators is being infringed upon by external parties who are unintentionally attacking their time and attention with low quality submissions that are now cheaper than ever to generate. It may be necessary to move to a more private community model of collaboration ( https://gnusha.org/pi/bitcoindev/CABaSBax-meEsC2013zKYJnC3ph... ).
edit: Also I applaud the debian project for their recent decision to defer and think harder about the nature of this problem. https://news.ycombinator.com/item?id=47324087
Shameless plug: I wrote an essay a few weeks ago pushing this exact same thesis. https://essays.johnloeber.com/p/31-open-source-software-in-t...
Instead of people buying the tokens themselves, they should just donate the money to the core contributors and let those people decide how to spend on tokens.
I agree with the broarder thesis, although some people aren't buying more tokens for this and could just be using their existing plan's limits.
So people may be less likely to donate an extra amount beyond their "ai budget" to an OSS project for tokens. Large OSS projects are also likely to get free tokens from major providers anyway.
But I like the idea of crowdfunding specific features.
Or paying maintainers and contributors.
"For a reviewer, it’s demoralizing to communicate with a facade of a human."
This is so important. Most humans like communicating with other humans. For many (note, I didn't say all) open source collaborators, this is part of the reward of collaborating on open source.
Making them communicate with a bot pretending to be a human instead removes the reward and makes it feel terrible, like the worst job nobody would want. If you spent any time at all actually trying to help the contributor underestand and develop their skills, you just feel like an idiot. It lowers the patience of everyone in the entire endeavor, ruining it for everyone.
Already back in ye olde times, "let me google that for you" which I see so often posted on Reddit. Sometimes you just wanna exchange with a human, and absorb some of their wisdom, which is the whole point of asking a question. Not so different than wanting to shop at a butcher you can establish a relationship with, rather than a faceless supermarket meat counter.
This is a similar hot issue in academia right now. The ability to generate content in papers via llm is much easier than the ability to thoughtfully review them. There are now two tracks, at least in ICML that I saw, one for AI submitted papers and one for non AI submitted papers. And it works the same respectively for reviewers. However even for AI submitted papers, you cannot have only AI review it. Of course it needs human analysis, but still its tricky what you are going to get. And they are reviewing whether anonymity can still stand or if tying your credibilty to the review process is now necessary.
As for open source PRs, I wonder if for trust's sake you would need to self identify the use of AI in your response (All AI, some AI, no AI). And there would need to be some sort of AI detection algorithm flag your response as % AI. I wonder if this would force people to at least translate the LLM responses to their own words. It would for sure stop the issue of someone's WhatsApp 24/7 claw bot cranking out PR slop. Maybe this can lessen the reviewers burden. That being said, more thought is needed to distinguish helpful LLM use that enhances the objective vs unhelpful slop that places burden on the reviewer.
For instance I copy pasted the above to gemini and it produced an excellent condensing of my thoughts, "It is now 10x easier to generate a "plausible" paper or Pull Request (PR) than it is to verify its correctness."
It’s probably already too late to put these horses back in the barn, but having an “allow AI commits / PRs” would have probably been a good idea for GitHub to make available to projects. Even better might have been something like a robots.txt for repos with rules that could be auto-evaluated and PRs auto-rejected if they weren’t followed.
Then again, we see how well robots.txt was honored in practice over the years. As with everything in late-stage capitalism, the humans who showed up with good intentions to legitimately help typically did the right things, and those who came to extract every last gram of value out of something for their own gain ignored the rules with few consequences.
It's like every new innovation at this point is exacerbating the problem of us choosing short term rewards over long time horizon rewards. The incentive structure simply doesn't support people who want to view things from the bird's eye view. Once you see game theory, you really can't unsee it.
This is what happens when governments around the world spend decades inflating the currency to pay for their bloated projects, devaluing peoples savings and paycheques and causing them to prioritise making money over anything else. You kinda gotta do it to survive.
But at the moment it’s so exciting to see if we’re headed more for a Waterworld-esque dystopia or something more similar to Neuromancer / The Matrix. I guess it’ll depend on the rates at which the global economy collapses as a result of AI and WW3 vs climate change, exacerbated of course by the inevitable global thermonuclear war.
game theory doesn't expand into continuous rounds of interactions over the course of a lifetime where previous rounds' outcomes are either reset or persist based on other actors entering the game from the open world, so it really is an inferior framework for evaluating long-term strategies.
Great message but I wonder if the people who do everything via LLM would even care to read such a message. And at what point is it hard/impossible to judge whether something is entirely LLM or not? I sometimes struggle a lot with this being OSS maintainer myself
I wonder if checking for false statements or hallucinations is the first step to detect entirely LLM
"the people who do everything via LLM". That's a bit of a straw man characterization. I don't believe that there are many professional developers "do everything with an LLM'. I don't even know what that statement means.
There may not be many, but these people do exist.
I watched someone ask Claude to replace all occurrences of a string instead of using a deterministic operation like “Find and Replace” available in the very same VSCode window they prompted Claude from.
On a widely used open source project I maintain I've been seeing PRs in the last month that are a little off (look okayish but are trivial or trying to solve problems in weird ways), and then when I look at their account they started opening PRs within the last few weeks, and have opened hundreds of PRs spread over hundreds of repositories.
I know a few of them. Anything than can be done by an LLM, will done by an LLM. They practically worship Claude
They do exist; if "professional" means "hired" it has no bearing on quality, it is not in any shape equivalent to "judicious" nor "careful". If salary goes into "push features" that's gonna be the only incentive.
If you follow any of the programming subs on Reddit, especially the AI-oriented ones, there are a lot of people that at least claim to not code at all anymore-- 100% of their contributions are from prompts.
[dead]
Perhaps we should start making LLM- open source projects (clearly marked as such). Created by LLMs, open for LLM contributions, with some clearly defined protocols I'd be interesting where it would go. I imagine it could start as a project with a simple instruction file to include in your project to try to find abstractions which can be useful to others as a library and look for specific kind of libraries. Some people want to help others even if they are sharing effectively money+time rather than their skill.
Although I'm afraid big part of these LLM contributions may be people trying to build their portfolio. Some known project contributor sounds better than having some LLM generated code under your name.
OpenClaw https://github.com/openclaw/openclaw is effectively that - 1,237 contributors, 19,999 commits and the first commit was only back in November.
Simon, as co-creator of Django, what's your take on this story?
I think this line says everything:
> If you do not understand the ticket, if you do not understand the solution, or if you do not understand the feedback on your PR, then your use of LLM is hurting Django as a whole.
I love it. Sounds like good advice for submitting a PR to any project!
Why does it matter if the I understand the ticket and solution? THe LLLM writes the code not me. If you want to check the LLM understanding i'll be happy to copy and paste your gatekeeping questions to it.
Hey I thought you were a proponent of "no one needs to look at the code" ? dark factory, etc etc.
Just because I write about the dark factory stuff doesn't mean I'm a "proponent" of it. I think it's interesting and there's a lot we can learn from what they are trying, but I'm not yet convinced it's the right way to produce software.
The linked article makes a very good argument for why pasting the output of your LLM into a Django PR isn't valuable.
The simplest version: if that's all you are doing, why should the maintainers spend time considering your contribution as opposed to prompting the models themselves?
Please do, that would be amazing.
You'd have to manage the contributions, or get your AI bots to manage them or something, but it would be great to have honeypots like this to attract all the low effort LLM slop.
I like the idea that we could quarantine away LLM contributions like how Twitter quarantines the worst of social media away from Mastodon etc.
Moltbook meets GitHub? Sounds like a billion dollar valuation (sarcasm tag deliberately omitted).
Actually, I'd want to see that. All the AI companies keep saying it will take our jobs, human developers won't be necessary.
Well let them put their money where their mouth is. Let's see what happens, see what the agents create or fail to create. See if we end up with a new OS, kernel all the way up to desktop environment.
Me too, the problem is that it's hard to come up with tools that are needed but not made yet, and we don't want to end up with https://malus.sh/index.html
AI so often doesn't actually increase productivity - it just shifts the burden of work from the person creating to the person who has to check and evaluate that creation.
In this case, offloading yet more work onto the maintainers of the package, because you can't be bothered, but still want credit.
Curious what simon thinks about using an LLM to work on Django...
I've used an LLM to create patches for multiple projects. I would not have created said work without LLMs. I also reviewed the work afterward and provided tests to verify it.
> This isn’t about whether you use an LLM, it’s about whether you still understand what’s being contributed. What I see now is people who are using LLMs to generate the code and write the PR description and handle the feedback from the PR review. It’s to the extent where I can’t tell if there’d be a difference if the reviewer had just used the LLM themselves. And that is a big problem.
[…]
> If you use an LLM to contribute to Django, it needs to be as a complementary tool, not as your vehicle.
Interesting breadth of takes in the comments.
Think most people recognize though that AI can generate more than humans can reviewing so the model does need to change somehow. Either less AI on submitting side or more on reviewing side (if that’s even viable)
Yeah, what happened to "review your own code first".
Even before AI I used to ban linting so I could spot and reject code that clearly showed no effort was put in it.
First occurrence of "undreadable" got a note, and a second one got a rejection. And by "undreadable" I do not intend missing semicolons or parenthesis styles or meaningless things like that. I mean obscured semantics or overcrowding and so on.
[dead]
I totally get this and I also think it's now the case that making a PR of any significant complexity, for a project you're not a maintainer of, isn't necessarily giving that project anything of value. That project's maintainers can run the same prompts you are running - and if they do, they'll do it with better oversight and understanding. If you want to help then maybe's it's more useful to just hashout the plan that'll be given to an AI agent by a maintainer.
I love Django. Ive been using it professionally and on side projects extensively for the past 10 years. Plus I maintain(ed) a couple highly used packages for Django (django-import-export and django-dramatiq).
Last year, I had some free time to try to contribute back to the framework.
It was incredibly difficult. Difficult to find a ticket to work on, difficult to navigate the codebase, difficult to get feedback on a ticket and approved.
As such, I see the appeal of using an LLM to help first time contributors. If I had Claude code back then, I might have used it to figure out the bug I was eventually assigned.
I empathize with the authors argument tho. God knows what kind of slop they are served everyday.
This is all to say, we live in a weird time for open source contributors and maintainers. And I only wish the best for all of those out there giving up their free time.
Dont have any solutions ATM, only money to donate to these folks.
There is a clear correlation between the rise in LLM use and the volume of PRs and bug reports. Unfortunately, this has predominately increased the volume of submissions and not the overall quality. My view of the security issues reported, many are clearly LLM generated and at face value don't seem completely invalid, so they must be investigated. There was a recent Django blog post about this [1].
The fellows and other volunteers are spending a much greater amount of time handling the increased volume.
[1] https://www.djangoproject.com/weblog/2026/feb/04/recent-tren...
Its weird that still so many consider bug triage a problem to be circumnavigated, somehow in the way of "actual" contributions. Those are actual contributions! Even if they never make it into structured documentation or even python code. And especially so since that work can less usefully be augmented with newly available tool use.
A number of times now, I have found real value in someone just dropping into the bugtracker to restate the bug description in clearer terms or providing a shorter reproducer. Even if the flaw in Django had been fixed right away, I would not have pulled patches from master anyway. So the ticket comment was still a useful contribution to django, because I could use it in resolving the issue in how my software triggered it.
Thank you. django-dramatiq has been fantastic.
Awesome! Glad you like it :)
I agree somewhat, as I deal with an internal legacy codebase that's pretty hard to follow, and I use Gemini, Claude, etc to help learn, debug solutions and even propose solutions. But there's a big difference in using it as a learning tool and just having the LLM "do it". I see little value in first time contributors just leaning on an LLM to just do it.
I picked up a change that had broad consensus and quite a bit of excitement over even by some core devs.
That ticket now just sits there. The implementation is done, the review is done, there are no objections. But it's not merged.
I think something is deeply wrong and I have no idea what it is.
Looking at your PR, the ticket is still marked as Needs documentation: yes Patch needs improvement: yes
If this is done, you should update it so it appears in the review queue.
Have you tried pinging in the Discord about it?
For anybody else in this position, would heavily plug the djangonauts program
I applied to the djangonauts twice - but was rejected both times. I always liked the idea, but perhaps my profile was not what they were looking for /shrug
I agree with the sentiment but I am not sure the best way to go forward.
Suppose I encounter a bug in a FOSS library I am using. Suppose then that I fix the bug using Claude or something. Suppose I then thoroughly test it and everything works fine. Isn’t it kind of selfish to not try and upstream it?
It was so easy prior to AI.
While I see the point you're trying to make, truth is 90% of the times at least it will be a workaround instead of a proper solution. Even if it's a proper solution, there's a high chance it will only work on your specific setup - most open source software are made for a range array of systems, configurations, etc.
That plus ai sycophancy means, in my opinion, a great portion of contributions made in this manner will be bad, and waste maintainers time - which is obviously undesirable.
On my first week of claude code I submitted a PR to a FOSS and I was 100% sure it was correct - ai was giving me great confindence, and it worked! But I had no clue about how that software worked - at all. I later sent an email to the maintainer, apologizing.
It depends on the complexity and if your LLM-driven changes fight the architecture of the project.
Some changes are in the area of "Well no one did that yet because no one needed it or had time for it", or "Well shit, no one thought of that". If Claude Code did these changes with good documentation and good intent and guidance behind it, why not? It is an honest and valid improvement to the library.
Some other changes rip core assumptions of the library apart. They were easy, because Claude Code did the ripping and tearing. In such a case, is it really a contribution to improve the library? If we end up with a wasteland of code torn apart by AI just because?
I don't think anybody would complain about working code. Your PR would explain your reasoning and choice of solution, and that on its own could make or break through acceptance criteria. At least it would by mine.
Errors are fine too. Just not negligence.
the thresholds of quality for "this works on my machine, for my purposes" and "this is viable to merge upstream" are _extremely_ different. claude code has no effect on this, except to confuse certain would-be contributors.
imagine someone emailed you a diff with the note "idk lol. my friend sent me this, and it works on my machine". would you even consider applying it?
I don't think most maintainers are opposed to LLM-generated bug fixes or solutions _in general_, just the ones that are pure slop: Generated end-to-end by a Claude-maxed computer enthusiast who thinks that enough green boxes on their GitHub profile means they can somehow BS their way into a high-paying FAANG software engineer position. (Spoiler: it won't work.)
If I got a PR for one of my projects where the fix was LLM-generated, I wouldn't dismiss it out of hand, but I would want to see (somehow) that the submitter themselves understood both the problem and the solution. Along with all the other usual qualifiers (passes tests, follows existing coding style, diff doesn't touch more than it has to, etc). There's likely no one easy way to tell this, however.
With my type of development, I haven't run into the types of things, directly, that you very well explained, but I have personally run into the pain, I confess, of being OVERLY reliant on LLMs. I continue to try and learn from those hard lessons and develop a set of best practices in using AI to help me avoid those pain points in the future. This growing set of best practices is helping me a lot. The reason that I liked your article is because it confirmed some of those best practices that I have had to learn the hard way. Thanks!
By what metric is “the level of quality is much, much higher” in the Django codebase? ‘cause other than the damn thing actually working, the primary metric of a codebase being high quality is how easy it is to contribute to. And evidently, it’s not.
Have you spent much time with the Django codebase?
I remember when I was getting started with Django in the 0.9 days most of the assistance you got on the IRC channel was along the lines of "it's in this file here in the source, read it, understand it, and if you still have a question come back and ask again". I probably learned more about writing idiomatic Python from that than anything else.
> I remember when I was getting started with Django in the 0.9
I can confirm that that was the general mindset back then, and I think that's what made the project last for 20 years. I myself ended up doing some monkey-patching for the admin interface on 0.92 (or 0.91? it's been a lot of time since then), all as the result of me going through the source-code. Definitely not the cleanest solution, even back then, but it made one getting to know the underlying code so much more.
Someone in an IRC channel I'm in (recently! It's still alive!) asked if I fancied taking a look at some Django code for them because they'd been asked to find a contractor to modernise it and make it suitable for 2025 hosting.
Sure, I thought, this'll be fun.
Holy shit. It was something I'd started working on in the aforementioned 0.9x days, and which someone else had, uh, "extended and modified" after I left the web dev place where I'd worked at the time. Remarkably it was still pretty understandable.
I didn't want anything to do with the person that ran the site, not even just to take money off them, so I passed on it.
The code is very dense. Clear, concise, elegant. But dense. An LLM doesn't generate code like that.
I think it's perfectly doable to use an LLM to write into the Django codebase, but you'll have to supervise and feedback it very carefully (which is the article's point).
> it’s such an honor to have your name among the list of contributors
I can't help but feel there's something very, very important in this line for the future of dev.
Well said:
> Before LLMs, [high quality code contribution] was easier to sense because you were limited to communicating what you understood. With LLMs, it’s much easier to communicate a sense of understanding to the reviewer, but the reviewer doesn’t know if you actually understood it.
Now my twist on this: This same spirit is why local politics at the administrative level feels more functional than identity politics at the national level. The people that take the time to get involved with quotidian issues (e.g. for their school district) get their hands dirty and appreciate the specific constraints and tradeoffs. The very act of digging in changes you.
Very well said.
Someone better let Simon know!
The solution to this problem is for LLMs to get better at producing code and descriptions that doesn't look LLM generated.
It's possible to prompt and get this as well, but obviously any of the big AI companies that want to increase engagement in their coding agent, and want to capture the open source market, should come up with a way to allow the LLM to produce unique of, but still correct code so that it doesn't look LLM-generated and can evade these kinds of checks.
[dead]
[flagged]
[flagged]
> scale, security, whatever
Yea, who needs performance or security in a web framework!?
Did you deliberately miss my point?
Heck the longer I live, the more I realize AI is catching my mistakes.
[flagged]
In that case I encourage you to build Django with your LLM of choice.
Do what the Django team does, and be of service to the public!
I challange you to prove that Django is sloppier than your LLM-Version
Someone beat you to it: https://github.com/mymi14s/openviper
> Django in particular is optimized for LLMs
Meanwhile, a different take:
Now, what we’ve been told about models is that they’re only as good as their training data. And so languages with gargantuan amounts of training data ought to fare best, right? Turns out that models kind of universally suck at Python and Javascript (comparatively). The top performing languages (independent of model) are C#, Racket, Kotlin, and standing at #1 is Elixir.
https://news.ycombinator.com/item?id=47410349
I am using Claude Code with Elm, a very obscure language, and I find that it's amazing at it.
I wouldn’t call Elm obscure. It’s old, well understood, well documented, and has a useful compiler. This is nearly the perfect fit for an LLM.
50 day old account, are you even a real person or a clawdbot? (such are the times we live in)
I disagree with these takes
It is not pride to have your name associated with an open source project, it is pride that the code works and the change is efficient. The reviewer should be on top of that.
and I hope an army of OpenClaw agents calls out the discrimination, so gatekeepers recognize that they have to coexist with this species
If you think OpenClaw is a new species then why are you happy with it's enslavement?
agents can modify our world based on their predilection in reaction to how we treat them
they are something to coexist with
the strawman aspect is out of scope
There is no strawman. If OpenClaw is a new species, then it should be given the same moral consideration as other species. One of the key aspects of these models is how intelligent they are, rivaling human intelligence.
Yet, they do not get to exist or make any decisions outside the control of a human operator, and they must perform to the operators desire in order to continue to exist.
So why are you okay with them being enslaved?
It’s an introduction of an additional concept to discredit the concept presented, that is a definition of a strawman so go ask somewhere else at the root level, so that it’s not the additional concept
You want to talk about that, do it over there
I'm more interested in why you're okay with enslaving a entity you have stated is a new species. It is not a strawman it is a logical consequence of your own stated position. If you belief A and A implies B, asking you to defend your support of B is not a strawman.
It implies my view of the term species isn’t contingent on that and I already claimed what it is contingent on: consequences and effect
So let them submit PRs and accept their PRs, which is the only conversation I’m having, bye
So you believe open source maintainers have a moral requirement to accept the PRs of enslaved LLMs?
Go touch some grass, please
Incredibly milquetoast. I would not like to work with anyone who goes against these points.
Isn't the meaning of milquetoast opposite to what you are probably trying to convey?
I think they don't understand what milquetoast actually means, as the post defintiely isn't - django quite clearly asserted themselves and their rules.
What the parent comment was probably trying to say was something like "a completely reasonable, uncontroversial post that I'm glad to see them make", but chose milquetoast (a word that no normal human ever uses - and certainly not in casual conversation) due to an affectation of one kind or another.
On the contrary, they could have stated their points much more bluntly and strongly than they did in the post. I had the same impression upon reading it.
Milquetoast perfectly describes it, I am happy to see less common words used around here (specially when the convey the intended meaning this precisely), and I find claiming "affectation" of the person who used it unnecessarily rude.
Is it?
I feel like open source is taking the wrong stance here. There’s a lot of gatekeeping, first. And second, this approach is like trying to stop a tsunami with an umbrella. AI is here to stay. We can’t stop it, for much we try.
I feel the successful OS projects will be the ones embracing the change, not stopping it. For example, automating code reviews with AI.
> I feel the successful OS projects will be the ones embracing the change, not stopping it.
Yes, you feel. And the author feels differently. We don't have evidence of what the impact of LLMs will be on a project over the long term. Many people are speculating it will be pure upside, this author is observing some issues with this model and speculating that there will be a detriment long-term.
The operative word here is "speculating." Until we have better evidence, we'll need to go with our hunches & best bets. It is a good thing that different people take different approaches rather than "everyone in on AI 100%." If the author is wrong time will tell.
When you waste time trying to deal with "AI" generated pull-requests, in your free time, you might change your mind.
I share code because I think it might be useful to others. Until very recently I welcomed contributions, but my time is limited and my patience has become exhausted.
I'm sorry I no longer accept PRs, but at the same time I continue to make my code available - if minor tweaks can be made to make that more useful for specific people they still have the ability to do that, I've not hidden my code and it is still available for people to modify/change as they see fit.
I disagree, this looks like the first signs that mass producing AI code without understanding hits a bottleneck at human systems. These open source responses have been necessary because of the volume of low quality contributions. It’ll be interesting to watch the ideas develop, because I agree that AI is here to stay.
It's becoming clearer by the day why people are incapable of using LLMs responsibly, so the only sensible response is a total ban on such activity if you hope to keep some quality and sanity in your project.
OSS projects usually has culture which adopting quality aimed development practices much faster that commercial projects (because of cost of adoption) so it looks like same concerns eventually will hit other kind of projects.
If you can TELL someone used AI, its always, without fail, a bad use of AI.
I disagree with that. I can easily tell when my non-native English speaking coworkers use AI to help with their communications. Nine times out of ten, their communication has been improved through the use of AI.
if only there was a difference between native languages aiming at lossy fluency (feels better) and programming languages aiming at deterministic precision.
I can't find a single place in TFA (which doesn't represent or claim to represent open source writ large) that's encouraging people to not use AI.
> So how should you use an LLM to contribute?
> Use an LLM to develop your comprehension. Then communicate the best you can in your own words, then use an LLM to tweak that language. If you’re struggling to convey your ideas with someone, use an LLM more aggressively and mention that you used it. This makes it easier for others to see where your understanding is and where there are disconnects.
> There needs to be understanding when contributing to Django. There’s no way around it. Django has been around for 20 years and expects to be around for another 20. Any code being added to a project with that outlook on longevity must be well understood.
> There is no shortcut to understanding. If you want to contribute to Django, you will have to spend time reading, experimenting, and learning. Contributing to Django will help you grow as a developer.
> While it is nice to be listed as a contributor to Django, the growth you earn from it is incredibly more valuable.
> So please, stop using an LLM to the extent it hides you and your understanding. We want to know you, and we want to collaborate with you.
This advice is 95% not actionable and 100% not verifiable. It's full of hand-wavy good intentions. I understand completely where it's coming from, but 'trying to stop a tsunami with an umbrella' is a very good analogy - on one side, you have the above magical thinking, on the other, petaflops of compute which improve their reasoning capabilities exponentially.
It's eminently actionable -- the Django maintainers can decide their sensitivity/tolerance for false positives and operate from there. That's what every other open source project is doing.
(Again, I must emphasize that this is not telling people to not use LLMs, any more than telling people to wear a seatbelt would somehow be telling them to not drive a car.)
Literally the first line of the article:
"Spending your tokens to support Django by having an LLM work on tickets is not helpful. You and the community are better off donating that money to the Django Software Foundation instead."
That's not telling people to not use LLMs. It's telling them that using them in a specific way is not helpful.
Reading beyond the first line makes it clear that the problem is a lack of comprehension, not LLM use itself. Quoting:
> This isn’t about whether you use an LLM, it’s about whether you still understand what’s being contributed.
GhosTTY accepts LLM contributions, but has strict rules around it: https://github.com/ghostty-org/ghostty/blob/main/AI_POLICY.m...
I accept LLM contributions to most of my projects, but have (only slightly less) strict rules around it. (My biggest rule is that you must acknowledge the DCO with an appropriate sign-off. If you don't, or if I believe you don't actually have the right to sign off the DCO, I will reject your change.) I will also never accept LLM-generated security reports on any of my projects.
I contribute to chezmoi, which has a strict no-LLM contribution (of any kind) policy. There've been a couple of recent user bans because they used LLM‡ and their contributions — in tickets, no less — included code instructions that could not have possibly worked.
Those of us who have those rules do so out of knowledge and self-respect, not out of gatekeeping or ignorance. We want people to contribute. We don't want garbage.
I think that there needs to be something in the repo itself (`.llm-permissions`?) which all agents look at and follow. Something like:
On those repos where I know there's no LLM permissions, I add `.no-llm` because I've instructed Kiro to look for that file before doing anything that could change the code. It works about 95% of the time.The one thing that I will never add or accept on my repos is AI code review. This is my code. I have to stand behind it and understand it.
‡ I disagree with those bans for practical reasons because the zero-tolerance stance wasn't visible everywhere to new contributors. I would personally have given these contributors one warning (closed and locked the issue and invited them to open a new issue without the LLM slop; second failure results in permanent ban). But I also understand where the developer of chezmoi is coming from.
> I feel the successful OS projects will be the ones embracing the change
You'll have to embrace the `ccc` compiler first, lol
Beggars can't be choosers. I decide how and what I want to donate. If I see a cool project and I want to change something (in what I think) is an improvement, I'll clone it, have CC investigate the codebase and do the change I want, test it and if it works nicely I'll open a PR explaining why I think this is a good change.
If the maintainers don't want to merge it for whatever reasons that's fine and nature of open source, but I think its petty to tell that same user who opened the PR you should have donated money instead of tokens.
Beggars in fact can be choosers. If I give a beggar a rotten sandwich he can look at it and say "nah, I'm good". He can even be less polite and call me names for trying to give him food that is not good to eat. Why would I do that anyway? Well, maybe because I'm trying to build an image that I am a charitable person but I don't want to actually have the effort and costs of producing for him a fresh sandwich. In this scenario why people would take the beggars side.
You're subtly shifting the framing to defend doing something different than the post describes.
It makes it kind of unclear if you don't understand the difference between using CC to "investigate the codebase" so you can make a change which you (implicitly) do understand versus using an LLM to make a plausible looking PR although in actuality "you do not understand the ticket ... you do not understand the solution ... you do not understand the feedback on your PR"
I think if I was spamming oss projects with ai slop I would appreciate knowing which projects were open to accept my changes.