blog.liw.fiposts2026 On the new SFC recommendations for LLM/generative AI use

The Software Freedom Conservancy has yesterday published recommendations for using large language models / generative AI for free and open source contributions. It's better than I thought it was, based on initial reactions from my peers, but I am disappointed.

They make 14 recommendations. I have notes on each, with my summary. I won't quote the whole thing, but you can refer to the original to fact check my summary.

They've invented the term "LLM-gen-AI" to refer to the systems in questions. It's a particularly cumbersome term to use, even technically accurate. I'm going simplify by saying "these systems". Accuracy should not impede comprehension and the term they use isn't helping, I think.

I note that I value humans, collaboration, and long-term benefits over convenience, speed of development, and short-term wins. This colors my reaction to the recommendations.

  • Recommendation 1: "Support those who reject these systems."

    • I agree. I am, of course, biased, given one that rejects.

  • Recommendation 2: "Everyone should get to decide for themselves."

    • I'm happy to let people decide for themselves, when their decision has no impact on others. However, these systems are a systemic problem, because a lot of money and effort is being spent to push their use everywhere and for everything. In many ways this resembles smoking.

    • Systemic problems are not solved by individual action. "If only everyone would do the right thing" is a recipe for failure and capitulation.

  • Recommendation 3: "Don't shun contributors who use these systems. Review their contributions."

    • My view of the free and open source world is by necessity rather myopic. However, I've very rarely seen people being shunned for using these systems. I have seen people being blocked for continuing to use them after being told not to.

    • I've seen people refuse to even review such contributions. For my personal projects, I will do so myself. Even reviewing such changes takes the fun away, and takes up time I would rather use for something else.

  • Recommendation 4: "Contributors should review the changes they submit."

    • This seems reasonable, but smells of "if only everyone...". I'm too cynical to hope this will happen most of the time. While the recommendation is valid, I do not find it useful to recommend unrealistic things.

  • Recommendation 5: "Be clear what system was used and how."

    • This again seems reasonable, but has the same smell again. Also, I do not see the incentive for contributors to do this. It makes it more likely their contribution is rejected.

  • Recommendation 6: "Use bots only when allowed."

    • Reasonable, but with the same smell again.

    • They make the argument that this is to avoid putting more burden on project maintainers. That's a valid argument, but ignores all the other problems with these systems.

  • Recommendation 7: "Keep records of what system was used and how."

    • This is a corollary to number 5. It increases the burden on making contributions using these systems unless and until tooling is developed and used. It also puts more burden on the project accepting the contributions, because now there's more to review and keep track of.

    • I see the point, but I'm not happy where I think this will lead.

  • Recommendation 8: "Legal status of generated code is unknown."

    • This is spoken like a lawyer, which is how the SFC works, so that's understandable.

    • However, from a moral and ethical point of view, I find this to be a clear situation.

    • Further, laws change. The people who stand to massively benefit from copyright-washing becoming legal are pushing for changes.

  • Recommendation 9: "Sometimes the legal situation is clear."

    • I'm glad they included this point: if the system is given a specific software project as input and generates code based on that, the output is a derived work and the source license applies.

    • No notes. I'm not a lawyer, anyway.

  • Recommendation 10: "Copyleft everything."

    • I am in favor of this, in general. However, I don't agree that a copyleft license is the right solution for all contexts.

    • I have a growing feeling that licensing is merely a tool, and not always the best way to advance software freedom in the long term. But I'll need to develop this into actual thoughts, and I'm not yet ready to talk in public about this.

    • Also, few free and open source projects have the resources to defend their licenses. This is work the SFC does, but they can only tackle a few cases. Licenses seem to only really help against those who would follow them mostly voluntarily. Big tech companies mostly don't care, if they think they can get away with violating them.

  • Recommendation 11: "It's OK to use these systems to build FOSS."

    • This again entirely ignores all other concerns than software freedom. It only worries about using these systems, because they're proprietary.

    • Overall, this smacks like a recommendation to use proprietary systems.

  • Recommendation 12: "Help make these systems become more FOSS."

    • Maybe this is possible. I strongly doubt it.

  • Recommendation 13: "Don't use these systems too much. Don't be hurt by them."

    • Protect yourself is always a good idea. If you don't take care of yourself, you can't help others.

    • Again, seems like a recommendation to use these systems.

  • Recommendation 14: "Be careful."

    • At the surface this seems like a good recommendation, if one assumes any use of these systems can ever be OK.

Overall, I do not agree with this set of recommendations. I think the SFC means well, but I also think they're misguided and should not accept these systems as inevitable.

I'm aware that their point of view is purely the software freedom one, but I don't accept that as sufficient. Software freedom cannot survive if people don't.