I think this would be an excellent addition to help develop the software.
I can probably do:
- webmin
- virtualmin
- authentic theme
i have some tokens to burn, lol
1 Like
We need a downvote button…
2 Likes
No.
Our use of AI is very restricted and much more heavily reviewed than human contributions (all three of us look at every agent-produced bit of code), and we generally won’t be accepting outside AI-developed code because it’s really hard to review if it’s not designed around being easy to review: Small, specific changes, with test coverage for the change and a description that indicates the original behavior was understood and the new behavior well thought out.
As I’ve said, we’re not completely opposed to LLM-produced code in Webmin, but it’s viewed with high suspicion and the cost of reviewing it is higher for that reason, even when Ilia or I produce it. So, we wouldn’t want to encourage it at this point. Many OSS projects have even turned off outside PRs. The calculus of accepting outside code has changed, and the tendency is that if there’s an idea for some feature or change in the project someone wants to see and it’s able to be easily/quickly made by an AI, we’d rather drive the agent ourselves rather than have a third-party PR.
We’re in weird times, and there’s a lot of dangerous stuff happening with AI-generated PRs (e.g. backdoors subtly baked in), so we have to be so suspicious of anything that comes in from someone we don’t know. (We know you, and we wouldn’t need to assume nefarious intent on your part, but it would still need significant vetting, and agents left to their own devices produce extremely verbose code. Hard to read, hard to review.)
Anyway, it used to be that if someone submitted a PR with working code, you could assume the contributor had taken time to read and understand the code, and spent some time spelunking in the project to understand it. Now, that assumption no longer holds true.
Claude is impressive, don’t get me wrong, and we’re using it where we’re comfortable trusting it (security auditing where we mostly write or heavily review the fixes, writing test suites and improving our static analysis coverage…things we can prove are right and safe one way or another). But, big dumps of Claude written code from new contributors would be uncomfortable and expensive.
2 Likes
I understand your point of view in regards to code submission, however the presence of a CLAUDE.md do not prevent or enable AI slop code submissions to your repos.
Someone can still make code with claude, not tell you and then submit it.
The presence of this file reduces token burn for someone like me having a poke around, learning, diagnosing issues.
If your rules are that all code should be checked or made by a human is still compatible with this thought.
That should be covered by developer docs for humans not by an agent-specific doc. Claude can read developer docs, too. I’ll try to improve that situation.
1 Like
Believe me, we’d know. I can generally spot agent-written code and prose immediately.
But, also, hopefully no one will do that.
3 Likes