Open source culture developed an allergy to gatekeeping that made sense when the risk was excluding talented people.
-
Open source culture developed an allergy to gatekeeping that made sense when the risk was excluding talented people. It makes less sense when the risk is thousands of LLM-generated PRs that change variable names to slightly worse variable names.
The case for gatekeeping, or: why medieval guilds had it figured out
Every open source maintainer I've talked to in the last six months has the same complaint: the absolute flood of mass-produced, AI-generated, mass-submitted slop requests have turned their repositories into a slush pile. The contributions look like contributions, they have commit messages, they reference issues and they follow templates etc.
Westenberg. (www.joanwestenberg.com)
-
Open source culture developed an allergy to gatekeeping that made sense when the risk was excluding talented people. It makes less sense when the risk is thousands of LLM-generated PRs that change variable names to slightly worse variable names.
The case for gatekeeping, or: why medieval guilds had it figured out
Every open source maintainer I've talked to in the last six months has the same complaint: the absolute flood of mass-produced, AI-generated, mass-submitted slop requests have turned their repositories into a slush pile. The contributions look like contributions, they have commit messages, they reference issues and they follow templates etc.
Westenberg. (www.joanwestenberg.com)
@Daojoan You might be on to something!
-
Open source culture developed an allergy to gatekeeping that made sense when the risk was excluding talented people. It makes less sense when the risk is thousands of LLM-generated PRs that change variable names to slightly worse variable names.
The case for gatekeeping, or: why medieval guilds had it figured out
Every open source maintainer I've talked to in the last six months has the same complaint: the absolute flood of mass-produced, AI-generated, mass-submitted slop requests have turned their repositories into a slush pile. The contributions look like contributions, they have commit messages, they reference issues and they follow templates etc.
Westenberg. (www.joanwestenberg.com)
@Daojoan The funny thing about bringing up Debian's web-of-trust is that in order to become an official Debian Developer, you used to have to meet up with another Developer *in person* to sign PGP keys. It took me almost a year to complete that step, when I lived in a podunk town without a car (I had to hitch a ride with a friend to NYC and coordinate meeting up with another DD there).
Things changed with covid: https://lwn.net/Articles/831401/. However, in The Slopocene, we may need to switch back..
-
Open source culture developed an allergy to gatekeeping that made sense when the risk was excluding talented people. It makes less sense when the risk is thousands of LLM-generated PRs that change variable names to slightly worse variable names.
The case for gatekeeping, or: why medieval guilds had it figured out
Every open source maintainer I've talked to in the last six months has the same complaint: the absolute flood of mass-produced, AI-generated, mass-submitted slop requests have turned their repositories into a slush pile. The contributions look like contributions, they have commit messages, they reference issues and they follow templates etc.
Westenberg. (www.joanwestenberg.com)
@Daojoan “before the libertarian-leaning contingent of Hacker News has a collective aneurysm” but would that be so bad?
-
@Daojoan “before the libertarian-leaning contingent of Hacker News has a collective aneurysm” but would that be so bad?
@puercomal i don't want no deaths on my shoulders
-
@Daojoan The funny thing about bringing up Debian's web-of-trust is that in order to become an official Debian Developer, you used to have to meet up with another Developer *in person* to sign PGP keys. It took me almost a year to complete that step, when I lived in a podunk town without a car (I had to hitch a ride with a friend to NYC and coordinate meeting up with another DD there).
Things changed with covid: https://lwn.net/Articles/831401/. However, in The Slopocene, we may need to switch back..
"The Slopocene"
-
@Daojoan The funny thing about bringing up Debian's web-of-trust is that in order to become an official Debian Developer, you used to have to meet up with another Developer *in person* to sign PGP keys. It took me almost a year to complete that step, when I lived in a podunk town without a car (I had to hitch a ride with a friend to NYC and coordinate meeting up with another DD there).
Things changed with covid: https://lwn.net/Articles/831401/. However, in The Slopocene, we may need to switch back..
@Andres4NY Slopocene era
️ @Daojoan -
"The Slopocene"
@dancast @Daojoan With apologies to https://en.wikipedia.org/wiki/Eugene_F._Stoermer
-
Open source culture developed an allergy to gatekeeping that made sense when the risk was excluding talented people. It makes less sense when the risk is thousands of LLM-generated PRs that change variable names to slightly worse variable names.
The case for gatekeeping, or: why medieval guilds had it figured out
Every open source maintainer I've talked to in the last six months has the same complaint: the absolute flood of mass-produced, AI-generated, mass-submitted slop requests have turned their repositories into a slush pile. The contributions look like contributions, they have commit messages, they reference issues and they follow templates etc.
Westenberg. (www.joanwestenberg.com)
@Daojoan There is something--beyond the foundational utility of it--charmingly satisfying about this idea. It would also put a "signed" person within a lineage of respect. That kindof cuts both ways and the potential exclusionary results you comment on, but the medieval/Renaissance theme definitely goes deeper than master/apprentice and guilds.
(similarly-but-differently, there's the concept of musical genealogy w/r/t pianists and their teachers reaching back to e.g. Chopin or Liszt)
-
Open source culture developed an allergy to gatekeeping that made sense when the risk was excluding talented people. It makes less sense when the risk is thousands of LLM-generated PRs that change variable names to slightly worse variable names.
The case for gatekeeping, or: why medieval guilds had it figured out
Every open source maintainer I've talked to in the last six months has the same complaint: the absolute flood of mass-produced, AI-generated, mass-submitted slop requests have turned their repositories into a slush pile. The contributions look like contributions, they have commit messages, they reference issues and they follow templates etc.
Westenberg. (www.joanwestenberg.com)
@Daojoan Ha. Yes.
Ben Curthoys (@bencurthoys@mastodon.social)
@Edent maybe I'll do it. Also I'm now imagining some kind of reputational scoring system for IT professionals, so that instead of having to jump through loads of procedural hoops, you can just show them your "Neither Idiot Nor Arsehole" (NINA for short) badge, and they know that you aren't going to outsource their data processing to leaker_r_us.biz or leave the admin password set to "admin".
Mastodon (mastodon.social)
-
Open source culture developed an allergy to gatekeeping that made sense when the risk was excluding talented people. It makes less sense when the risk is thousands of LLM-generated PRs that change variable names to slightly worse variable names.
The case for gatekeeping, or: why medieval guilds had it figured out
Every open source maintainer I've talked to in the last six months has the same complaint: the absolute flood of mass-produced, AI-generated, mass-submitted slop requests have turned their repositories into a slush pile. The contributions look like contributions, they have commit messages, they reference issues and they follow templates etc.
Westenberg. (www.joanwestenberg.com)
@Daojoan Sorry, tech and physical issues are hindering me atm, but yesterday I think I posted about the maintainer of a really important python repository, and when he refused the clawdbot merge, the bot went out and started a website and went on full attack, posting stuff that could have really damaged Scott irl.
Agentic LLM running "autonomous" bots, creates a universe where gatekeepers are imperative.
-
@Daojoan There is something--beyond the foundational utility of it--charmingly satisfying about this idea. It would also put a "signed" person within a lineage of respect. That kindof cuts both ways and the potential exclusionary results you comment on, but the medieval/Renaissance theme definitely goes deeper than master/apprentice and guilds.
(similarly-but-differently, there's the concept of musical genealogy w/r/t pianists and their teachers reaching back to e.g. Chopin or Liszt)
@sstrader @Daojoan This type of approach is needed for vetting news also. For too long, many in the public have considered photo/videographic evidence to be self-evidently true, or we relied on large impersonal institutions to be the source of truth. In the social media era, many fail to even demand basic journalistic competence (documenting when and where the photo was taken).
We need to carefully rebuild a vetting system based on real interactions that have demonstrated reliability, and make sure we don't reproduce segregation and exclusion that currently dominates many of our institutions. -
@puercomal i don't want no deaths on my shoulders
@Daojoan legit
-
Open source culture developed an allergy to gatekeeping that made sense when the risk was excluding talented people. It makes less sense when the risk is thousands of LLM-generated PRs that change variable names to slightly worse variable names.
The case for gatekeeping, or: why medieval guilds had it figured out
Every open source maintainer I've talked to in the last six months has the same complaint: the absolute flood of mass-produced, AI-generated, mass-submitted slop requests have turned their repositories into a slush pile. The contributions look like contributions, they have commit messages, they reference issues and they follow templates etc.
Westenberg. (www.joanwestenberg.com)
"The guild was, at bottom, a web of trust backed by skin in the game. You vouched for people. If they turned out to be frauds, you were fucked, too."
I love this and it's how I think about my doctoral students! They've been to my house, they've met my kids and they're invited to Thanksgiving dinner because they're a part of my extended family!
-
@sstrader @Daojoan This type of approach is needed for vetting news also. For too long, many in the public have considered photo/videographic evidence to be self-evidently true, or we relied on large impersonal institutions to be the source of truth. In the social media era, many fail to even demand basic journalistic competence (documenting when and where the photo was taken).
We need to carefully rebuild a vetting system based on real interactions that have demonstrated reliability, and make sure we don't reproduce segregation and exclusion that currently dominates many of our institutions.@DecaturNature @Daojoan And if I see one more image on here with unattributed text I'm going to go crazy.
-
@puercomal i don't want no deaths on my shoulders
@Daojoan @puercomal around your feet is far more convenient if you accept the trip hazard or wear hiking boots.
-
@Daojoan There is something--beyond the foundational utility of it--charmingly satisfying about this idea. It would also put a "signed" person within a lineage of respect. That kindof cuts both ways and the potential exclusionary results you comment on, but the medieval/Renaissance theme definitely goes deeper than master/apprentice and guilds.
(similarly-but-differently, there's the concept of musical genealogy w/r/t pianists and their teachers reaching back to e.g. Chopin or Liszt)
-
R relay@relay.infosec.exchange shared this topic
