This is bad.
-
@theorangetheme @xgranade here are the commits on `main` where it's explicitly a co-author:
```
$ git log --oneline -i --grep "Co-authored-by: Claude.*anthropic\.com"
59f247e43bc gh-115952: Fix a potential virtual memory allocation denial of service in pickle (GH-119204)
5b1862bdd80 gh-87512: Fix `subprocess` using `timeout=` on Windows blocking with a large `input=` (GH-142058)
cc6bc4c97f7 GH-134453: Fix subprocess memoryview input handling on POSIX (GH-134949)
532c37695d0 gh-137134: Update SQLite to 3.50.4 for binary releases (GH-137135)
```@SnoopJ @theorangetheme There's a few more that list it in the PR thread but that don't list it as a co-author. Still, I agree, it's a fairly limited problem so far. My worry is that I don't see any mechanism for keeping that scope limited going forward.
-
@SnoopJ @theorangetheme There's a few more that list it in the PR thread but that don't list it as a co-author. Still, I agree, it's a fairly limited problem so far. My worry is that I don't see any mechanism for keeping that scope limited going forward.
@xgranade @theorangetheme yea I didn't mean to minimize the impact, just wanted to share the cantrip I've been using to check this when I run into the same thing
-
@xgranade it's extremely worrying, yeah. it's probably too big to fork
@ireneista Especially because you need to also fork the whole governance model around it.
-
@SnoopJ @theorangetheme There's a few more that list it in the PR thread but that don't list it as a co-author. Still, I agree, it's a fairly limited problem so far. My worry is that I don't see any mechanism for keeping that scope limited going forward.
-
@xgranade @theorangetheme yea I didn't mean to minimize the impact, just wanted to share the cantrip I've been using to check this when I run into the same thing
@SnoopJ @theorangetheme No, absolutely. I see this as the leading indicator rather than the damage itself, if that makes sense?
I keep using the term "AI-vulnerable" to try and point to that there isn't necessarily an actual direct impact, so much as a dramatically increased vulnerability surface area.
-
@ireneista Especially because you need to also fork the whole governance model around it.
@xgranade yeah. we think it's highly likely there are too many specific people with specific knowledge for that to work...
this isn't a particularly helpful observation, but we should probably never have put so many eggs in one basket to begin with
-
@xgranade yeah. we think it's highly likely there are too many specific people with specific knowledge for that to work...
this isn't a particularly helpful observation, but we should probably never have put so many eggs in one basket to begin with
@xgranade though, of course, it's hard to see what else we could have done
-
@ireneista Especially because you need to also fork the whole governance model around it.
@xgranade @ireneista "do you have five million dollars of disposable income to fund an alternative to the PSF" is a good place to start, if you want to frame it as a "hostile fork" situation. the only solution is to get involved in the messy process of politics and governance and try to figure out a way to negotiate a durable peace
-
@xgranade @ireneista "do you have five million dollars of disposable income to fund an alternative to the PSF" is a good place to start, if you want to frame it as a "hostile fork" situation. the only solution is to get involved in the messy process of politics and governance and try to figure out a way to negotiate a durable peace
@xgranade @ireneista unless you do have $5MM++ in which case, uh, cool, very happy for you
-
@xgranade @ireneista "do you have five million dollars of disposable income to fund an alternative to the PSF" is a good place to start, if you want to frame it as a "hostile fork" situation. the only solution is to get involved in the messy process of politics and governance and try to figure out a way to negotiate a durable peace
-
@xgranade @ireneista "do you have five million dollars of disposable income to fund an alternative to the PSF" is a good place to start, if you want to frame it as a "hostile fork" situation. the only solution is to get involved in the messy process of politics and governance and try to figure out a way to negotiate a durable peace
@glyph @ireneista One of those domino memes that starts with Calibre cutting a new release and topples into "Cassandra Granade runs for PSF Board."
I just seriously do not want to. But I agree, getting into the messy politics is the only way forward with Python in particular.
-
@cap_ybarra @xgranade @sparks they do not take fash money, but they seem to be happily using a machine that is intrinsically inseparable from fash values anyway...
-
@theorangetheme @xgranade I don't want to sell CPython's review process and test suite short here, nor the high quality of the work that Serhiy and Gregory do on the core. I don't subscribe to the theory that it's automatically bad work on technical merit because of the tools.
But it *does* carry the taint of corporate influence, exposure to financial instability, and ethical/aesthetic unpleasantness, and I find that very regrettable.
-
@glyph @ireneista One of those domino memes that starts with Calibre cutting a new release and topples into "Cassandra Granade runs for PSF Board."
I just seriously do not want to. But I agree, getting into the messy politics is the only way forward with Python in particular.
-
@theorangetheme @xgranade I don't want to sell CPython's review process and test suite short here, nor the high quality of the work that Serhiy and Gregory do on the core. I don't subscribe to the theory that it's automatically bad work on technical merit because of the tools.
But it *does* carry the taint of corporate influence, exposure to financial instability, and ethical/aesthetic unpleasantness, and I find that very regrettable.
@theorangetheme I do agree with @xgranade that it's a leading indicator, especially if the scope of use grows…
-
@cap_ybarra @xgranade @sparks they do not take fash money, but they seem to be happily using a machine that is intrinsically inseparable from fash values anyway...
-
@theorangetheme I do agree with @xgranade that it's a leading indicator, especially if the scope of use grows…
@theorangetheme @xgranade and possibly a compromise of the Code of Conduct, if Anthropic drops their commitment to not building weapons and turns Claude into another genocide machine at DOD's behest, as it seems they would like to/are being pressured to do.
(that ship has probably sailed on account of e.g. using GitHub in the first place)
-
@xgranade though, of course, it's hard to see what else we could have done
@ireneista If there's any monolithic overly centralized dependency that makes sense to take on, it's the language itself.
It would have been nice if alternative implementations like PyPy, IronPython, and Jython could have taken off, but extension modules are just too important to leave out.
-
This is bad. This is very, very bad.
I'm not trying to pick on Python here, I pick it because Python is something I'm actively using, and so I have a vested interest in the project *not* being AI-vulnerable.
But it's not good, chat. It's very far from good, in fact.
@xgranade is it "i'm afraid of what it touched" or "i'm displeased it happened at all"?
Because I'm definitely the latter, it's not practical for me to die on that hill.
The former is at least tractable.
-
This is bad. This is very, very bad.
I'm not trying to pick on Python here, I pick it because Python is something I'm actively using, and so I have a vested interest in the project *not* being AI-vulnerable.
But it's not good, chat. It's very far from good, in fact.
@xgranade you shouldn't really be judging the code authors, but rather the maintainers. writing code is usually easier than reviewing it.
