<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix">Hi, I agree AI is making the plugin's
ecosystem being boosted, with all the good and bad sides you
mentioned. </div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">I like the idea of a field in
metadata.txt for a spontaneous disclosure.</div>
<div class="moz-cite-prefix">From what we see on PR's or security
disclosures is that some AI users are reluctant to reveal they
worked with AI. And probably, many dev's will use a bit of AI
autocompletion most of the time. </div>
<div class="moz-cite-prefix">It takes some rounds of discussions to
spot that they don't fully understand the code they produced,
which is the famous AI slop. </div>
<div class="moz-cite-prefix">So in my opinion, we should be able to
use a `ai_possible_derivative` flag as moderators, from the
plugin's catalog. Maybe it is time to set up a full community
discussion and voting system, just as internet browsers do for
plugins. <br>
One should be able to signal a malicious, or badly coded plugin
triggering crashes. And moderators should be able to ban / alert /
flag plugins beyond the volontary metadata.txt tooling. And maybe
we would have to add automated scanners for security security,
code smells, and now AI smells.. </div>
<div class="moz-cite-prefix"><br>
Maybe Lova could tell us about ho this is doable, and if we have
the resources to do this this year. </div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">Cheers</div>
<div class="moz-cite-prefix">Régis</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">On 2/9/26 14:36, Admire Nyakudya via
QGIS-Developer wrote:<br>
</div>
<blockquote type="cite"
cite="mid:0e90eaf4-1149-4b12-bea4-1ed99db42aa3@gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<p>Dear All</p>
<p>The rapid proliferation of AI tools has led to a noticeable
increase in QGIS plugins being created and uploaded to the
registry. </p>
<p>The bonus points for these new plugin are:</p>
<ul>
<li>functionality gaps are being filled faster</li>
<li>workflows are consolidated</li>
<li>innovation is happening at pace. </li>
</ul>
<p><br>
However, it also introduces new challenges for the QGIS plugin
ecosystem, particularly around trust, review, and governance.<br>
<br>
While responsibility ultimately lies with end users to decide
which plugins they trust, the growing use of AI-assisted or
AI-generated code raises additional concerns beyond those
already discussed in recent QGIS pull requests/code base related
to AI usage. </p>
<p>The plugin approval process relies heavily on volunteer effort
and with the many plugins being uploaded we have to rely heavily
on authors to submit high-quality, secure, and maintainable
code. <br>
<br>
The plugin review process is not focused on code review but does
so in limited circumstances. End users rely on author
reputation, plugin ratings— as indicators to trust the plugin
quality and usefulness.<br>
<br>
To improve transparency and support informed decision-making, it
may be worth introducing an optional metadata flag in <b>metadata.txt</b>,
for example:<br>
<br>
<b>ai_derivative = yes</b><br>
<br>
All existing plugins could default to no, with the flag applied
to new or updated plugins going forward. This would not act as a
quality judgement, but rather as a disclosure mechanism,
allowing users to filter plugins and assess trust based on their
own criteria, alongside authorship and plugin rating.</p>
<p>Regards</p>
<p>Admire (Active plugin reviewer)<br>
<br>
</p>
<div class="moz-signature">-- <br>
<meta charset="UTF-8">
<meta name="viewport"
content="width=device-width, initial-scale=1.0">
<title>Email Signature</title>
<style>.signature {
font-family: 'Arial Black', Gadget, sans-serif;
font-size: 16px;
color: #333;
max-width: 500px;
margin: 0 auto;
text-align: center;
}.signature h1 {
font-size: 24px;
margin-bottom: 5px;
color: #007bff;
}.signature p {
margin: 5px 0;
text-align: center;
}.signature a {
color: #007bff;
text-decoration: none;
}.social-media {
list-style: none;
padding: 0;
margin-top: 10px;
}.social-media li {
display: inline-block;
margin-right: 10px;
}</style>
<div class="signature">
<p>GIS Engineer</p>
<p>Location: <a href="https://w3w.co/amused.thunder.wins"
moz-do-not-send="true">Geolocate me here</a></p>
<p>Phone: <a href="tel:+27639664031" moz-do-not-send="true">+27639664031</a></p>
<p>Email: <a href="mailto:addloe@gmail.com"
class="moz-txt-link-freetext" moz-do-not-send="true">addloe@gmail.com</a></p>
<p>Social Media:</p>
<ul class="social-media">
<li><a href="https://www.linkedin.com/in/mazano-gis-geek"
moz-do-not-send="true">LinkedIn</a></li>
<li><a href="https://github.com/NyakudyaA"
moz-do-not-send="true">GitHub</a></li>
<!-- Add more social media links as needed -->
</ul>
</div>
</div>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
<pre wrap="" class="moz-quote-pre">_______________________________________________
QGIS-Developer mailing list
<a class="moz-txt-link-abbreviated" href="mailto:QGIS-Developer@lists.osgeo.org">QGIS-Developer@lists.osgeo.org</a>
List info: <a class="moz-txt-link-freetext" href="https://lists.osgeo.org/mailman/listinfo/qgis-developer">https://lists.osgeo.org/mailman/listinfo/qgis-developer</a>
Unsubscribe: <a class="moz-txt-link-freetext" href="https://lists.osgeo.org/mailman/listinfo/qgis-developer">https://lists.osgeo.org/mailman/listinfo/qgis-developer</a>
</pre>
</blockquote>
<p><br>
</p>
</body>
</html>