<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<div dir="auto" style="font-family: Aptos, Aptos_MSFontService, -apple-system, Roboto, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(33, 33, 33);">
Hi,</div>
<div dir="auto" style="font-family: Aptos, Aptos_MSFontService, -apple-system, Roboto, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(33, 33, 33);">
<br>
</div>
<div dir="auto" style="font-family: Aptos, Aptos_MSFontService, -apple-system, Roboto, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(33, 33, 33);">
I think you got the point, I wasn't pushing to poison the agent.md in order to push back people in a negative way. I was sharing it because the idea of this kind of honeypot at the moment is the most effective that I saw in other projects. Than it can be tweaked
in different way. But the core idea is that bots or vibe coders don't read the policy, and this is a way to tell immediately the mantainers that the user hasn't readed the code.</div>
<div dir="auto" style="font-family: Aptos, Aptos_MSFontService, -apple-system, Roboto, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(33, 33, 33);">
<br>
</div>
<div style="font-family: Aptos, Aptos_MSFontService, -apple-system, Roboto, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(33, 33, 33);" dir="auto">
Regards, Ludovico</div>
<div dir="auto" id="mail-editor-reference-message-container" class=""><br>
<hr style="display: inline-block; width: 98%;">
<div id="divRplyFwdMsg" style="font-size: 11pt;" dir="auto"><b>Da:</b> Tim Sutton <tim@kartoza.com><br>
<b>Inviato:</b> martedì, giugno 23, 2026 10:54:25 PM<br>
<b>A:</b> Ludovico Toscano <ludovico.toscano@tigis.ch><br>
<b>Cc:</b> Alessandro Pasotti <apasotti@gmail.com>; Nyall Dawson <nyall.dawson@gmail.com>; Vincent Picavet <vincent.ml@oslandia.com>; qgis-developer <qgis-developer@lists.osgeo.org><br>
<b>Oggetto:</b> Re: [QGIS-Developer] R: Tightening AI submission policy?<br>
</div>
<br>
<div dir="auto" class="gmail_default" style="font-family: arial, sans-serif; font-size: 13.5pt;">
Hi</div>
<div dir="auto"><br>
</div>
<div dir="auto" class="gmail_attr">On Tue, Jun 23, 2026 at 9:19 AM Ludovico Toscano via QGIS-Developer <<a href="mailto:qgis-developer@lists.osgeo.org">qgis-developer@lists.osgeo.org</a>> wrote:</div>
<blockquote style="margin: 0px 0px 0px 0.8ex; padding-left: 1ex; border-left: 1px solid rgb(204, 204, 204);">
<div dir="auto" class="msg-1696784423420642264" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Hi,</div>
<div class="msg-1696784423420642264" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div dir="auto" class="msg-1696784423420642264" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
I'm a small contribuitor of qgis, it's my first time posting here and I was interest by this discussion.</div>
<div class="msg-1696784423420642264" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div dir="auto" class="msg-1696784423420642264" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
I have an idea which is saw implemented in ghostty, to prevent contribution from bot or vibe coders. Basically the author of the repo has made a honeypot for these agents, he has made a AGENTS.md and a CLAUDE.md where in the last line of the document he tell
the model to make a md file that saing "I am a sad, dumb little AI driver with no real skills." His idea is simple, if the author of the pr doesn't read the diff of the pr he will not notice that the LLM has added this file and this trigger a immediate ban.</div>
<div class="msg-1696784423420642264" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div dir="auto" class="msg-1696784423420642264" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<a href="https://github.com/ghostty-org/ghostty/blob/main/AGENTS.md" target="_blank">https://github.com/ghostty-org/ghostty/blob/main/AGENTS.md</a></div>
<div class="msg-1696784423420642264" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div dir="auto" class="msg-1696784423420642264" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
I hope this can be usefull, given that a bot or vibe coder will not read the policy like he's not reading the code this solution can be a first filter.</div>
</blockquote>
<div dir="auto" class="gmail_quote gmail_quote_container"><br>
</div>
<div dir="auto" class="gmail_default" style="font-family: arial, sans-serif; font-size: 13.5pt;">
I don't think degrading people is at all in line with our culture as a project. By all means put guidelines in place as to how AI can be used, but always deal with people in a positive way - for example the same mechanism could be used to add a line into the
patch like "This line was automatically added by your LLM as a validation check. Please remove it before submitting your PR."</div>
<div dir="auto" class="gmail_default" style="font-family: arial, sans-serif; font-size: 13.5pt;">
<br>
</div>
<div dir="auto" class="gmail_default" style="font-family: arial, sans-serif; font-size: 13.5pt;">
Regards</div>
<div dir="auto" class="gmail_quote gmail_quote_container"><br>
</div>
<div dir="auto" class="gmail_default" style="font-family: arial, sans-serif; font-size: 13.5pt;">
Tim</div>
<div dir="auto" class="gmail_quote gmail_quote_container"><br>
</div>
<div dir="auto" class="gmail_quote gmail_quote_container"> </div>
<blockquote style="margin: 0px 0px 0px 0.8ex; padding-left: 1ex; border-left: 1px solid rgb(204, 204, 204);">
<div class="msg-1696784423420642264" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div dir="auto" class="msg-1696784423420642264" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Regards, Ludovico.</div>
<div id="m_-1696784423420642264appendonsend"></div>
<hr dir="ltr" style="display: inline-block; width: 98%;">
<div id="m_-1696784423420642264divRplyFwdMsg" dir="auto"><span style="font-family: Calibri, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);"><b>Da:</b> QGIS-Developer <<a href="mailto:qgis-developer-bounces@lists.osgeo.org" target="_blank">qgis-developer-bounces@lists.osgeo.org</a>>
per conto di Vincent Picavet via QGIS-Developer <<a href="mailto:qgis-developer@lists.osgeo.org" target="_blank">qgis-developer@lists.osgeo.org</a>><br>
<b>Inviato:</b> martedì, 23 giugno 2026 08:56<br>
<b>A:</b> Alessandro Pasotti <<a href="mailto:apasotti@gmail.com" target="_blank">apasotti@gmail.com</a>>; Nyall Dawson <<a href="mailto:nyall.dawson@gmail.com" target="_blank">nyall.dawson@gmail.com</a>><br>
<b>Cc:</b> qgis-developer <<a href="mailto:qgis-developer@lists.osgeo.org" target="_blank">qgis-developer@lists.osgeo.org</a>><br>
<b>Oggetto:</b> Re: [QGIS-Developer] Tightening AI submission policy?</span>
<div dir="auto"> </div>
</div>
<p dir="ltr" class="msg-1696784423420642264"><span style="font-family: monospace;">Hello,</span></p>
<p dir="ltr" class="msg-1696784423420642264"><span style="font-family: monospace;">Thanks for this proposal, I can only be in favor of a stricter policy.</span></p>
<p dir="ltr" class="msg-1696784423420642264"><span style="font-family: monospace;">I would also add a specific item on IP, even if I do not like pushing the burden to contributors while have no way of ensuring IP compliance.</span></p>
<p dir="ltr" class="msg-1696784423420642264"><span style="font-family: monospace;">In the line of : </span></p>
<p dir="ltr" class="msg-1696784423420642264"><span style="font-family: monospace;">- "By contributing to this project, you are responsible to ensure that you have the corresponding and sufficient intellectual property rights on all contributed code without
exception to comply to this project's opensource licences and IP policies. Note that code generated by LLM has a high probability of copyright infringement."</span></p>
<dl><dt>
<div dir="auto" class="msg-1696784423420642264">Also a few resources for inspiration. I think if we can reuse other's positions word by word (if the idea is the same), it makes opensource project's position as a community stronger. Maybe we will end up converging
towards a kind of standard opensource policy on AI, and that would be good for everyone ( and then one day the opensource world sues proprietary LLMs for copyright infringement, but that's another story).</div>
</dt></dl>
<p dir="ltr" class="msg-1696784423420642264">- NLnet; Policy on the use of Generative Artificial Intelligence for NLnet-funded projects :
<a href="https://nlnet.nl/foundation/policies/generativeAI/" target="_blank" style="margin-top: 0px; margin-bottom: 0px;">
https://nlnet.nl/foundation/policies/generativeAI/</a><br>
- Using LLMs Responsibly - Responsible AI Guide : <a href="https://responsibleai.guide/" target="_blank" style="margin-top: 0px; margin-bottom: 0px;">
https://responsibleai.guide/</a><br>
- LLM-gen-AI - Software Freedom Conservancy : <a href="https://sfconservancy.org/llm-gen-ai/llm-backed-generative-ai-recommendations.html" target="_blank" style="margin-top: 0px; margin-bottom: 0px;">
https://sfconservancy.org/llm-gen-ai/llm-backed-generative-ai-recommendations.html</a></p>
<p dir="ltr" class="msg-1696784423420642264">Regards,</p>
<p dir="ltr" class="msg-1696784423420642264">Vincent</p>
<p dir="ltr" class="msg-1696784423420642264"><br>
</p>
<p dir="ltr" class="msg-1696784423420642264"><br>
</p>
<p dir="ltr" class="msg-1696784423420642264"><span style="font-family: monospace;"><br>
</span></p>
<div dir="auto" class="msg-1696784423420642264">On 23/06/2026 07:10, Alessandro Pasotti via QGIS-Developer wrote:</div>
<blockquote>
<pre><div dir="auto" class="msg-1696784423420642264">Big +1
It's probably hard to put in clear terms (and forgive my English), but
I think that the criteria should be even stricter than "contribute
only what you understand":
"Do not contribute anything that you wouldn't have been fully capable
of writing on your own without any AI assistance."
or
"Contribute only what you could have done by yourself without any AI
assistance."
Tthis makes it more likely that you will be able to fix or improve
your work if needed.
On Tue, Jun 23, 2026 at 1:47 AM Nyall Dawson via QGIS-Developer
<a href="mailto:qgis-developer@lists.osgeo.org" target="_blank"><qgis-developer@lists.osgeo.org></a> wrote:
</div></pre>
<blockquote>
<pre><div dir="auto" class="msg-1696784423420642264">Hi lists,
Following recent discussions and conflict within the PostGIS community, I would like us to consider tightening our AI submission policy to hopefully avoid similar conflict arising in our community.
I would propose that we move away from our current (quite permissive) "human in the loop" policy (see <a href="https://github.com/qgis/QGIS-Enhancement-Proposals/blob/master/qep-408-ai-tool-policy.md" target="_blank">https://github.com/qgis/QGIS-Enhancement-Proposals/blob/master/qep-408-ai-tool-policy.md</a> ) to something more restrictive, such as what the GDAL project has done. See <a href="https://github.com/OSGeo/gdal/blob/33399bf734f48a6727050ccd13a43575d43f6bf4/doc/source/community/ai_tool_policy.rst" target="_blank">https://github.com/OSGeo/gdal/blob/33399bf734f48a6727050ccd13a43575d43f6bf4/doc/source/community/ai_tool_policy.rst</a>).
In short, GDAL's policy is:
Contributors can make limited use of LLMs for contributions in GDAL, subject to details mentioned below:
- Human contributors must be the primary author(s) of GDAL contributions
- All contributions including code, ticket comments, and commit messages should be fully understood by the author(s) submitting them to the project.
- Submission of vibe-coded contributions is banned.
- LLMs may only be used as an improved auto-completion mechanism, or for repeated tasks (mechanical refactoring) that could potentially be completed with a deterministic algorithm.
- Human-coordinated or uncoordinated (OpenClaw, etc) use of agents for submission of contributions to the GDAL repository is banned.
- Any LLM usage must be indicated by ticket label, comment, or commit message indication and account for what was written by whom/what.
- The contributing human author is ultimately responsible for every line of code, comment, or mailing list interaction they initiate, and all of it is subject to the project's :ref:`code_of_conduct`.
- The typical high verbosity of LLM code and text is actively discouraged. More code is more code to maintain. High verbosity contribution (tickets, code, messages, etc) will be seen as indication of LLM-generated content when not labeled otherwise and may be ignored, closed, left unmerged, or removed at maintainers' discretion.
I personally think a combination of GDAL policy + borrowing the "contribute only what you understand" term from Godot's current policy (see <a href="https://contributing.godotengine.org/en/latest/pull_requests/pull_request_guidelines.html#ai-assisted-contributions" target="_blank">https://contributing.godotengine.org/en/latest/pull_requests/pull_request_guidelines.html#ai-assisted-contributions</a> could be a good step forward. Specifically this clause:
Contribute only what you understand
Only submit code that you fully understand and are prepared to explain to a maintainer. This especially applies if you implement the idea of another person, copy code from elsewhere, or if you use AI to assist you with your contribution. In all of these cases, you must disclose which part of your submission wasn't fully authored by you.
Thoughts?
Nyall
_______________________________________________
QGIS-Developer mailing list
<a href="mailto:QGIS-Developer@lists.osgeo.org" target="_blank">QGIS-Developer@lists.osgeo.org</a>
List info: <a href="https://lists.osgeo.org/mailman/listinfo/qgis-developer" target="_blank">https://lists.osgeo.org/mailman/listinfo/qgis-developer</a>
Unsubscribe: <a href="https://lists.osgeo.org/mailman/listinfo/qgis-developer" target="_blank">https://lists.osgeo.org/mailman/listinfo/qgis-developer</a>
</div></pre>
</blockquote>
</blockquote>
<div dir="auto" class="msg-1696784423420642264">_______________________________________________<br>
QGIS-Developer mailing list<br>
<a href="mailto:QGIS-Developer@lists.osgeo.org" target="_blank">QGIS-Developer@lists.osgeo.org</a><br>
List info: <a href="https://lists.osgeo.org/mailman/listinfo/qgis-developer" target="_blank" rel="noreferrer">
https://lists.osgeo.org/mailman/listinfo/qgis-developer</a><br>
Unsubscribe: <a href="https://lists.osgeo.org/mailman/listinfo/qgis-developer" target="_blank" rel="noreferrer">
https://lists.osgeo.org/mailman/listinfo/qgis-developer</a></div>
</blockquote>
<div dir="auto"><br>
</div>
<div dir="auto"><br>
</div>
<div dir="auto">--</div>
<div dir="auto" class="gmail_signature"><br>
</div>
<div dir="auto" class="gmail_signature" style="color: rgb(34, 34, 34);">Tim Sutton</div>
<div dir="auto" class="gmail_signature" style="color: rgb(34, 34, 34);"><b>Kartoza Cofounder<br>
</b><span style="color: rgb(32, 33, 36);">Tim is a member of the QGIS Project Steering Committee</span></div>
<div dir="auto" class="gmail_signature" style="color: rgb(34, 34, 34);"><b><br>
</b></div>
<div dir="auto" class="gmail_signature" style="color: rgb(34, 34, 34);"><b>T </b>
: +27(0) 87 809 2702 <b>E </b>:<b> </b><span style="color: rgb(17, 85, 204);"><a href="mailto:tim@kartoza.com" target="_blank" style="color: rgb(17, 85, 204);">tim@kartoza.com</a></span>
<b>W</b> : <span style="color: rgb(17, 85, 204);"><a href="http://kartoza.com/" target="_blank" style="color: rgb(17, 85, 204);">kartoza.com</a></span></div>
<div dir="auto" class="gmail_signature" style="color: rgb(34, 34, 34);"><br>
</div>
<div dir="auto" class="gmail_signature" style="color: rgb(34, 34, 34);"><i><img src="https://kartoza.com/files/KartozaEmailSignature.gif" width="420" height="77" style="width: 420px; height: 77px;"></i></div>
<div dir="auto" class="gmail_signature" style="color: rgb(34, 34, 34);"><i><br>
</i></div>
<div dir="auto" class="gmail_signature" style="color: rgb(34, 34, 34);"><i>This email and any attachments are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you </i></div>
<div dir="auto" class="gmail_signature" style="color: rgb(34, 34, 34);"><i>have received this email in error, please notify the sender immediately and delete it from your system. Unauthorised use, disclosure, or copying</i></div>
<div dir="auto" class="gmail_signature" style="color: rgb(34, 34, 34);"><i>of the contents is prohibited.</i></div>
<br>
</div>
</body>
</html>