s/Django/the codebase/g, and the point stands against any repo for which there is code review by humans:
> If you do not understand the ticket, if you do not understand the solution, or if you do not understand the feedback on your PR, then your use of LLM is hurting Django as a whole.
> Django contributors want to help others, they want to cultivate community, and they want to help you become a regular contributor. Before LLMs, this was easier to sense because you were limited to communicating what you understood. With LLMs, it’s much easier to communicate a sense of understanding to the reviewer, but the reviewer doesn’t know if you actually understood it.
> In this way, an LLM is a facade of yourself. It helps you project understanding, contemplation, and growth, but it removes the transparency and vulnerability of being a human.
> For a reviewer, it’s demoralizing to communicate with a facade of a human.
> This is because contributing to open source, especially Django, is a communal endeavor. Removing your humanity from that experience makes that endeavor more difficult. If you use an LLM to contribute to Django, it needs to be as a complementary tool, not as your vehicle.
I am going to try to make these points to my team, because I am seeing a huge influx of AI-generated PRs where the submitter interacts with CodeRabbit etc. by having Claude/Codex respond to feedback on their behalf.
There is little doubt that if we as an industry fail to establish and defend a healthy culture for this sort of thing, it's going to lead to a whole lot of rot and demoralization.
AI autocomplete and suggestions built-in to Jira are making our ticket tracker so goddamn spammy that I’m 100% sure that “feature” has done more harm than good.
I don’t think anybody’s tracking the actual net-effects of any of this crap on productivity, just the “vibes” they get in the moment, using it. “I got my part of this particular thing done so fast!”
I believe that to be the case, in part, because not a lot of organizations are usefully tracking overall productivity to begin with. Too hard, too expensive. They might “track” it, but so poorly it’s basically meaningless. I don’t think they’ve turned that around on a dime just to see if the c-suite’s latest fad is good or bad (they never want a real answer to that kind of question anyway)
Ironically my favorite use of claude is removing caring about jira from my workflow. I already didn't care about it but now i dont have to spend any time on it.
I treat jira like product owners treat the code. Which is infinitely humorous to me.
> I am going to try to make these points to my team, because I am seeing a huge influx of AI-generated PRs where the submitter interacts with CodeRabbit etc. by having Claude/Codex respond to feedback on their behalf.
Are people generally unhappy with the outcomes of this? As anecdotally, it does seem to pass review later on. Code is getting through this way.
It's slippery. You're swamped with low-effort PRs, can't possibly test and review all of them. You will become a visible bottleneck, and guess whether it's easier to defend quality vs. getting "a lot of features". If you're tied by your salary as a reviewer, you will have to let go, and at the same time you'll suffer the consequences of the "lack of oversight" when things go south.
This is getting really out of control at the moment and I'm not exactly sure what the best way to fix it is, but this is a very good post in terms of expressing the why this is not acceptable and why the burden if shifting on the wrong people.
Will humans take this to heart and actually do the right thing? Sadly, probably not.
One of the main issues is that pointing to your GitHub contributions and activity is now part of the hiring process. So people will continue to try to game the system by using LLMs to automate that whole process.
"I have contributed to X, Y, and Z projects" - when they actually have little to no understanding of those projects or exactly how their PR works. It was (somehow) accepted and that's that.
I agree with the sentiment but I am not sure the best way to go forward.
Suppose I encounter a bug in a FOSS library I am using. Suppose then that I fix the bug using Claude or something. Suppose I then thoroughly test it and everything works fine. Isn’t it kind of selfish to not try and upstream it?
I like the idea of donating money instead of tokens. I think django contributors are likely to know how to spend those tokens better than I might, as I am not a django core contributor.
Some projects ( https://news.ycombinator.com/item?id=46730504 ) are setting a norm to disclose AI usage. Another project simply decided to pause contributions from external parties ( https://news.ycombinator.com/item?id=46642012 ). Instead of accepting driveby pull requests, contributors have to show a proof of work by working with one of the other collaborators.
There's definitely an aspect here where the commons or good will effort of collaborators is being infringed upon by external parties who are unintentionally attacking their time and attention with low quality submissions that are now cheaper than ever to generate. It may be necessary to move to a more private community model of collaboration ( https://gnusha.org/pi/bitcoindev/CABaSBax-meEsC2013zKYJnC3ph... ).
Instead of people buying the tokens themselves, they should just donate the money to the core contributors and let those people decide how to spend on tokens.
With my type of development, I haven't run into the types of things, directly, that you very well explained, but I have personally run into the pain, I confess, of being OVERLY reliant on LLMs. I continue to try and learn from those hard lessons and develop a set of best practices in using AI to help me avoid those pain points in the future. This growing set of best practices is helping me a lot. The reason that I liked your article is because it confirmed some of those best practices that I have had to learn the hard way. Thanks!
Think most people recognize though that AI can generate more than humans can reviewing so the model does need to change somehow. Either less AI on submitting side or more on reviewing side (if that’s even viable)
It's like every new innovation at this point is exacerbating the problem of us choosing short term rewards over long time horizon rewards. The incentive structure simply doesn't support people who want to view things from the bird's eye view. Once you see game theory, you really can't unsee it.
This is what happens when governments around the world spend decades inflating the currency to pay for their bloated projects, devaluing peoples savings and paycheques and causing them to prioritise making money over anything else. You kinda gotta do it to survive.
game theory doesn't expand into continuous rounds of interactions over the course of a lifetime where previous rounds' outcomes are either reset or persist based on other actors entering the game from the open world, so it really is an inferior framework for evaluating long-term strategies.
Great message but I wonder if the people who do everything via LLM would even care to read such a message.
And at what point is it hard/impossible to judge whether something is entirely LLM or not? I sometimes struggle a lot with this being OSS maintainer myself
"the people who do everything via LLM". That's a bit of a straw man characterization. I don't believe that there are many professional developers "do everything with an LLM'. I don't even know what that statement means.
They do exist; if "professional" means "hired" it has no bearing on quality, it is not in any shape equivalent to "judicious" nor "careful". If salary goes into "push features" that's gonna be the only incentive.
I watched someone ask Claude to replace all occurrences of a string instead of using a deterministic operation like “Find and Replace” available in the very same VSCode window they prompted Claude from.
On a widely used open source project I maintain I've been seeing PRs in the last month that are a little off (look okayish but are trivial or trying to solve problems in weird ways), and then when I look at their account they started opening PRs within the last few weeks, and have opened hundreds of PRs spread over hundreds of repositories.
Curious what simon thinks about using an LLM to work on Django...
I've used an LLM to create patches for multiple projects. I would not have created said work without LLMs. I also reviewed the work afterward and provided tests to verify it.
> This isn’t about whether you use an LLM, it’s about whether you still understand what’s being contributed. What I see now is people who are using LLMs to generate the code and write the PR description and handle the feedback from the PR review. It’s to the extent where I can’t tell if there’d be a difference if the reviewer had just used the LLM themselves. And that is a big problem.
[…]
> If you use an LLM to contribute to Django, it needs to be as a complementary tool, not as your vehicle.
Perhaps we should start making LLM- open source projects (clearly marked as such). Created by LLMs, open for LLM contributions, with some clearly defined protocols I'd be interesting where it would go. I imagine it could start as a project with a simple instruction file to include in your project to try to find abstractions which can be useful to others as a library and look for specific kind of libraries. Some people want to help others even if they are sharing effectively money+time rather than their skill.
Although I'm afraid big part of these LLM contributions may be people trying to build their portfolio. Some known project contributor sounds better than having some LLM generated code under your name.
> If you do not understand the ticket, if you do not understand the solution, or if you do not understand the feedback on your PR, then your use of LLM is hurting Django as a whole.
You'd have to manage the contributions, or get your AI bots to manage them or something, but it would be great to have honeypots like this to attract all the low effort LLM slop.
Actually, I'd want to see that. All the AI companies keep saying it will take our jobs, human developers won't be necessary.
Well let them put their money where their mouth is. Let's see what happens, see what the agents create or fail to create. See if we end up with a new OS, kernel all the way up to desktop environment.
By what metric is “the level of quality is much, much higher” in the Django codebase? ‘cause other than the damn thing actually working, the primary metric of a codebase being high quality is how easy it is to contribute to. And evidently, it’s not.
Have you spent much time with the Django codebase?
I remember when I was getting started with Django in the 0.9 days most of the assistance you got on the IRC channel was along the lines of "it's in this file here in the source, read it, understand it, and if you still have a question come back and ask again". I probably learned more about writing idiomatic Python from that than anything else.
genuine question: if the maintainer burden keeps scaling like this, does it change the calculus for startups building on top of OSS projects with small core teams? feels like dependency risk that doesn't show up in any due diligence.
It is not pride to have your name associated with an open source project, it is pride that the code works and the change is efficient. The reviewer should be on top of that.
and I hope an army of OpenClaw agents calls out the discrimination, so gatekeepers recognize that they have to coexist with this species
I love Django. Ive been using it professionally and on side projects extensively for the past 10 years. Plus I maintain(ed) a couple highly used packages for Django (django-import-export and django-dramatiq).
Last year, I had some free time to try to contribute back to the framework.
It was incredibly difficult. Difficult to find a ticket to work on, difficult to navigate the codebase, difficult to get feedback on a ticket and approved.
As such, I see the appeal of using an LLM to help first time contributors. If I had Claude code back then, I might have used it to figure out the bug I was eventually assigned.
I empathize with the authors argument tho. God knows what kind of slop they are served everyday.
This is all to say, we live in a weird time for open source contributors and maintainers. And I only wish the best for all of those out there giving up their free time.
Dont have any solutions ATM, only money to donate to these folks.
There is a clear correlation between the rise in LLM use and the volume of PRs and bug reports. Unfortunately, this has predominately increased the volume of submissions and not the overall quality. My view of the security issues reported, many are clearly LLM generated and at face value don't seem completely invalid, so they must be investigated. There was a recent Django blog post about this [1].
The fellows and other volunteers are spending a much greater amount of time handling the increased volume.
I agree somewhat, as I deal with an internal legacy codebase that's pretty hard to follow, and I use Gemini, Claude, etc to help learn, debug solutions and even propose solutions. But there's a big difference in using it as a learning tool and just having the LLM "do it". I see little value in first time contributors just leaning on an LLM to just do it.
I applied to the djangonauts twice - but was rejected both times. I always liked the idea, but perhaps my profile was not what they were looking for /shrug
Now, what we’ve been told about models is that they’re only as good as their training data. And so languages with gargantuan amounts of training data ought to fare best, right? Turns out that models kind of universally suck at Python and Javascript (comparatively). The top performing languages (independent of model) are C#, Racket, Kotlin, and standing at #1 is Elixir.
I think they don't understand what milquetoast actually means, as the post defintiely isn't - django quite clearly asserted themselves and their rules.
What the parent comment was probably trying to say was something like "a completely reasonable, uncontroversial post that I'm glad to see them make", but chose milquetoast (a word that no normal human ever uses - and certainly not in casual conversation) due to an affectation of one kind or another.
On the contrary, they could have stated their points much more bluntly and strongly than they did in the post. I had the same impression upon reading it.
Milquetoast perfectly describes it, I am happy to see less common words used around here (specially when the convey the intended meaning this precisely), and I find claiming "affectation" of the person who used it unnecessarily rude.
I feel like open source is taking the wrong stance here. There’s a lot of gatekeeping, first. And second, this approach is like trying to stop a tsunami with an umbrella.
AI is here to stay. We can’t stop it, for much we try.
I feel the successful OS projects will be the ones embracing the change, not stopping it. For example, automating code reviews with AI.
When you waste time trying to deal with "AI" generated pull-requests, in your free time, you might change your mind.
I share code because I think it might be useful to others. Until very recently I welcomed contributions, but my time is limited and my patience has become exhausted.
I'm sorry I no longer accept PRs, but at the same time I continue to make my code available - if minor tweaks can be made to make that more useful for specific people they still have the ability to do that, I've not hidden my code and it is still available for people to modify/change as they see fit.
> I feel the successful OS projects will be the ones embracing the change, not stopping it.
Yes, you feel. And the author feels differently. We don't have evidence of what the impact of LLMs will be on a project over the long term. Many people are speculating it will be pure upside, this author is observing some issues with this model and speculating that there will be a detriment long-term.
The operative word here is "speculating." Until we have better evidence, we'll need to go with our hunches & best bets. It is a good thing that different people take different approaches rather than "everyone in on AI 100%." If the author is wrong time will tell.
I disagree, this looks like the first signs that mass producing AI code without understanding hits a bottleneck at human systems. These open source responses have been necessary because of the volume of low quality contributions. It’ll be interesting to watch the ideas develop, because I agree that AI is here to stay.
OSS projects usually has culture which adopting quality aimed development practices much faster that commercial projects (because of cost of adoption) so it looks like same concerns eventually will hit other kind of projects.
I disagree with that. I can easily tell when my non-native English speaking coworkers use AI to help with their communications. Nine times out of ten, their communication has been improved through the use of AI.
if only there was a difference between native languages aiming at lossy fluency (feels better) and programming languages aiming at deterministic precision.
> Use an LLM to develop your comprehension. Then communicate the best you can in your own words, then use an LLM to tweak that language. If you’re struggling to convey your ideas with someone, use an LLM more aggressively and mention that you used it. This makes it easier for others to see where your understanding is and where there are disconnects.
> There needs to be understanding when contributing to Django. There’s no way around it. Django has been around for 20 years and expects to be around for another 20. Any code being added to a project with that outlook on longevity must be well understood.
> There is no shortcut to understanding. If you want to contribute to Django, you will have to spend time reading, experimenting, and learning. Contributing to Django will help you grow as a developer.
> While it is nice to be listed as a contributor to Django, the growth you earn from it is incredibly more valuable.
> So please, stop using an LLM to the extent it hides you and your understanding. We want to know you, and we want to collaborate with you.
This advice is 95% not actionable and 100% not verifiable. It's full of hand-wavy good intentions. I understand completely where it's coming from, but 'trying to stop a tsunami with an umbrella' is a very good analogy - on one side, you have the above magical thinking, on the other, petaflops of compute which improve their reasoning capabilities exponentially.
It's eminently actionable -- the Django maintainers can decide their sensitivity/tolerance for false positives and operate from there. That's what every other open source project is doing.
(Again, I must emphasize that this is not telling people to not use LLMs, any more than telling people to wear a seatbelt would somehow be telling them to not drive a car.)
"Spending your tokens to support Django by having an LLM work on tickets is not helpful. You and the community are better off donating that money to the Django Software Foundation instead."
Beggars can't be choosers. I decide how and what I want to donate. If I see a cool project and I want to change something (in what I think) is an improvement, I'll clone it, have CC investigate the codebase and do the change I want, test it and if it works nicely I'll open a PR explaining why I think this is a good change.
If the maintainers don't want to merge it for whatever reasons that's fine and nature of open source, but I think its petty to tell that same user who opened the PR you should have donated money instead of tokens.
You're subtly shifting the framing to defend doing something different than the post describes.
It makes it kind of unclear if you don't understand the difference between using CC to "investigate the codebase" so you can make a change which you (implicitly) do understand versus using an LLM to make a plausible looking PR although in actuality "you do not understand the ticket ... you do not understand the solution ... you do not understand the feedback on your PR"
> If you do not understand the ticket, if you do not understand the solution, or if you do not understand the feedback on your PR, then your use of LLM is hurting Django as a whole.
> Django contributors want to help others, they want to cultivate community, and they want to help you become a regular contributor. Before LLMs, this was easier to sense because you were limited to communicating what you understood. With LLMs, it’s much easier to communicate a sense of understanding to the reviewer, but the reviewer doesn’t know if you actually understood it.
> In this way, an LLM is a facade of yourself. It helps you project understanding, contemplation, and growth, but it removes the transparency and vulnerability of being a human.
> For a reviewer, it’s demoralizing to communicate with a facade of a human.
> This is because contributing to open source, especially Django, is a communal endeavor. Removing your humanity from that experience makes that endeavor more difficult. If you use an LLM to contribute to Django, it needs to be as a complementary tool, not as your vehicle.
I am going to try to make these points to my team, because I am seeing a huge influx of AI-generated PRs where the submitter interacts with CodeRabbit etc. by having Claude/Codex respond to feedback on their behalf.
There is little doubt that if we as an industry fail to establish and defend a healthy culture for this sort of thing, it's going to lead to a whole lot of rot and demoralization.
I don’t think anybody’s tracking the actual net-effects of any of this crap on productivity, just the “vibes” they get in the moment, using it. “I got my part of this particular thing done so fast!”
I believe that to be the case, in part, because not a lot of organizations are usefully tracking overall productivity to begin with. Too hard, too expensive. They might “track” it, but so poorly it’s basically meaningless. I don’t think they’ve turned that around on a dime just to see if the c-suite’s latest fad is good or bad (they never want a real answer to that kind of question anyway)
I treat jira like product owners treat the code. Which is infinitely humorous to me.
If something's not happening, something else's making it impractical.
Are people generally unhappy with the outcomes of this? As anecdotally, it does seem to pass review later on. Code is getting through this way.
Will humans take this to heart and actually do the right thing? Sadly, probably not.
One of the main issues is that pointing to your GitHub contributions and activity is now part of the hiring process. So people will continue to try to game the system by using LLMs to automate that whole process.
"I have contributed to X, Y, and Z projects" - when they actually have little to no understanding of those projects or exactly how their PR works. It was (somehow) accepted and that's that.
Suppose I encounter a bug in a FOSS library I am using. Suppose then that I fix the bug using Claude or something. Suppose I then thoroughly test it and everything works fine. Isn’t it kind of selfish to not try and upstream it?
It was so easy prior to AI.
Some projects ( https://news.ycombinator.com/item?id=46730504 ) are setting a norm to disclose AI usage. Another project simply decided to pause contributions from external parties ( https://news.ycombinator.com/item?id=46642012 ). Instead of accepting driveby pull requests, contributors have to show a proof of work by working with one of the other collaborators.
Another project has started to decline to let users directly open issues ( https://news.ycombinator.com/item?id=46460319 ).
There's definitely an aspect here where the commons or good will effort of collaborators is being infringed upon by external parties who are unintentionally attacking their time and attention with low quality submissions that are now cheaper than ever to generate. It may be necessary to move to a more private community model of collaboration ( https://gnusha.org/pi/bitcoindev/CABaSBax-meEsC2013zKYJnC3ph... ).
edit: Also I applaud the debian project for their recent decision to defer and think harder about the nature of this problem. https://news.ycombinator.com/item?id=47324087
Instead of people buying the tokens themselves, they should just donate the money to the core contributors and let those people decide how to spend on tokens.
Think most people recognize though that AI can generate more than humans can reviewing so the model does need to change somehow. Either less AI on submitting side or more on reviewing side (if that’s even viable)
I watched someone ask Claude to replace all occurrences of a string instead of using a deterministic operation like “Find and Replace” available in the very same VSCode window they prompted Claude from.
I've used an LLM to create patches for multiple projects. I would not have created said work without LLMs. I also reviewed the work afterward and provided tests to verify it.
[…]
> If you use an LLM to contribute to Django, it needs to be as a complementary tool, not as your vehicle.
Although I'm afraid big part of these LLM contributions may be people trying to build their portfolio. Some known project contributor sounds better than having some LLM generated code under your name.
> If you do not understand the ticket, if you do not understand the solution, or if you do not understand the feedback on your PR, then your use of LLM is hurting Django as a whole.
You'd have to manage the contributions, or get your AI bots to manage them or something, but it would be great to have honeypots like this to attract all the low effort LLM slop.
Well let them put their money where their mouth is. Let's see what happens, see what the agents create or fail to create. See if we end up with a new OS, kernel all the way up to desktop environment.
I remember when I was getting started with Django in the 0.9 days most of the assistance you got on the IRC channel was along the lines of "it's in this file here in the source, read it, understand it, and if you still have a question come back and ask again". I probably learned more about writing idiomatic Python from that than anything else.
It is not pride to have your name associated with an open source project, it is pride that the code works and the change is efficient. The reviewer should be on top of that.
and I hope an army of OpenClaw agents calls out the discrimination, so gatekeepers recognize that they have to coexist with this species
Last year, I had some free time to try to contribute back to the framework.
It was incredibly difficult. Difficult to find a ticket to work on, difficult to navigate the codebase, difficult to get feedback on a ticket and approved.
As such, I see the appeal of using an LLM to help first time contributors. If I had Claude code back then, I might have used it to figure out the bug I was eventually assigned.
I empathize with the authors argument tho. God knows what kind of slop they are served everyday.
This is all to say, we live in a weird time for open source contributors and maintainers. And I only wish the best for all of those out there giving up their free time.
Dont have any solutions ATM, only money to donate to these folks.
The fellows and other volunteers are spending a much greater amount of time handling the increased volume.
[1] https://www.djangoproject.com/weblog/2026/feb/04/recent-tren...
That ticket now just sits there. The implementation is done, the review is done, there are no objections. But it's not merged.
I think something is deeply wrong and I have no idea what it is.
If this is done, you should update it so it appears in the review queue.
Yea, who needs performance or security in a web framework!?
Heck the longer I live, the more I realize AI is catching my mistakes.
Do what the Django team does, and be of service to the public!
I challange you to prove that Django is sloppier than your LLM-Version
Meanwhile, a different take:
Now, what we’ve been told about models is that they’re only as good as their training data. And so languages with gargantuan amounts of training data ought to fare best, right? Turns out that models kind of universally suck at Python and Javascript (comparatively). The top performing languages (independent of model) are C#, Racket, Kotlin, and standing at #1 is Elixir.
https://news.ycombinator.com/item?id=47410349
What the parent comment was probably trying to say was something like "a completely reasonable, uncontroversial post that I'm glad to see them make", but chose milquetoast (a word that no normal human ever uses - and certainly not in casual conversation) due to an affectation of one kind or another.
Milquetoast perfectly describes it, I am happy to see less common words used around here (specially when the convey the intended meaning this precisely), and I find claiming "affectation" of the person who used it unnecessarily rude.
I feel the successful OS projects will be the ones embracing the change, not stopping it. For example, automating code reviews with AI.
I share code because I think it might be useful to others. Until very recently I welcomed contributions, but my time is limited and my patience has become exhausted.
I'm sorry I no longer accept PRs, but at the same time I continue to make my code available - if minor tweaks can be made to make that more useful for specific people they still have the ability to do that, I've not hidden my code and it is still available for people to modify/change as they see fit.
Yes, you feel. And the author feels differently. We don't have evidence of what the impact of LLMs will be on a project over the long term. Many people are speculating it will be pure upside, this author is observing some issues with this model and speculating that there will be a detriment long-term.
The operative word here is "speculating." Until we have better evidence, we'll need to go with our hunches & best bets. It is a good thing that different people take different approaches rather than "everyone in on AI 100%." If the author is wrong time will tell.
You'll have to embrace the `ccc` compiler first, lol
> Use an LLM to develop your comprehension. Then communicate the best you can in your own words, then use an LLM to tweak that language. If you’re struggling to convey your ideas with someone, use an LLM more aggressively and mention that you used it. This makes it easier for others to see where your understanding is and where there are disconnects.
> There needs to be understanding when contributing to Django. There’s no way around it. Django has been around for 20 years and expects to be around for another 20. Any code being added to a project with that outlook on longevity must be well understood.
> There is no shortcut to understanding. If you want to contribute to Django, you will have to spend time reading, experimenting, and learning. Contributing to Django will help you grow as a developer.
> While it is nice to be listed as a contributor to Django, the growth you earn from it is incredibly more valuable.
> So please, stop using an LLM to the extent it hides you and your understanding. We want to know you, and we want to collaborate with you.
This advice is 95% not actionable and 100% not verifiable. It's full of hand-wavy good intentions. I understand completely where it's coming from, but 'trying to stop a tsunami with an umbrella' is a very good analogy - on one side, you have the above magical thinking, on the other, petaflops of compute which improve their reasoning capabilities exponentially.
(Again, I must emphasize that this is not telling people to not use LLMs, any more than telling people to wear a seatbelt would somehow be telling them to not drive a car.)
"Spending your tokens to support Django by having an LLM work on tickets is not helpful. You and the community are better off donating that money to the Django Software Foundation instead."
Reading beyond the first line makes it clear that the problem is a lack of comprehension, not LLM use itself. Quoting:
> This isn’t about whether you use an LLM, it’s about whether you still understand what’s being contributed.
If the maintainers don't want to merge it for whatever reasons that's fine and nature of open source, but I think its petty to tell that same user who opened the PR you should have donated money instead of tokens.
It makes it kind of unclear if you don't understand the difference between using CC to "investigate the codebase" so you can make a change which you (implicitly) do understand versus using an LLM to make a plausible looking PR although in actuality "you do not understand the ticket ... you do not understand the solution ... you do not understand the feedback on your PR"