About KeePassXC’s Code Quality Control

On Mastodon I've seen many hard commens and concerns against KeePassXC's change in contribution policy and README to require code submissions disclose the use of AI. Which was very confusing to me, to say the least. Given the negativity I looked at their latest blog post which explains this futher.

[The maintainers would] rather have [contributors] transparently disclose the use of AI than hide it and submit the code against our terms. According to our policy, any significant use of AI in a pull request must be disclosed and labelled. As of writing, we have 7 open and 11 closed AI-assisted pull requests. Feel free to check and review them yourself; it’s all open and transparent. If you spot any actual issues with the code that we missed, please tell us.

This seems to make perfect sense, their contribution policy requires that contributors disclose the service and/or model used to generate code. Xe has a good post on using an "Assited-by" footer to commits to disclose the use of AI. They also talked about how this method of documenting AI tools might make it useful to maintainers to spot repeatedly bad models or services. If this is useful is yet to be discovered given how new this is.

The maintainers themselves use GitHub Copilot already and the code iterated on by the LLM is available for inspection by the public and as part of code reviews an AI review is conducted in addition to all the additional human and linter checks. Nothing in this process has changed besides requiring disclosure of AI tools by contributors.

Manual do Usuário also commented on KeePassXC's blog and shares much the same opinion as mine. At this time I cannot find any comprehsive comments or write-ups with valid concerns against disclosing AI tools used in commits to link here.