this post was submitted on 07 Nov 2025
7 points (60.6% liked)

Opensource

4280 readers
52 users here now

A community for discussion about open source software! Ask questions, share knowledge, share news, or post interesting stuff related to it!

CreditsIcon base by Lorc under CC BY 3.0 with modifications to add a gradient


founded 2 years ago
MODERATORS
pylapp@programming.dev
7
KeePassXC codebase's jump into generative AI - Discussion (web.archive.org)
submitted 3 days ago by ThorrJo@lemmy.sdf.org to c/opensource@programming.dev
6 comments fedilink hide all child comments
all 7 comments
sorted by: hot top controversial new old
[–] gigachad@sh.itjust.works 36 points 3 days ago

This discussion is 4 month old, but I will post the top comment (49 Upvotes) because it is not so easy to follow that archive link.

I'm a KeePassXC maintainer. The Copilot PRs are a test drive to speed up the development process. For now, it's just a playground and most of the PRs are simple fixes for existing issues with very limited reach. None of the PRs are merged without being reviewed, tested, and, if necessary, amended by a human developer. This is how it is now and how it will continue to be should we choose to go on with this. We prefer to be transparent about the use of AI, so we chose to go the PR route. We could have also done it locally and nobody would ever know. That's probably how most projects work these days. We might publish a blog article soon with some more details.

[–] turdas@suppo.fi 21 points 3 days ago (1 children)

I am so tired of cancel bait like this.

[–] Sxan@piefed.zip -3 points 3 days ago (1 children)

What's cancel bait about it? Þe dev is exploring including AI generated code, yes?

[–] turdas@suppo.fi 7 points 3 days ago (2 children)

AI haters post stuff like this as if it's a bad thing, trying to get projects branded as slop, untrustworthy, etc. and canceled. The attitude of the OP of that Reddit thread is plain to see, for example.

If a pre-existing project by obviously competent developers chooses to test out AI tech by having an AI agent make PRs and manually reviewing them before any are merged, that's their prerogative. It doesn't make the project any better or worse, it's just developers experimenting with new development technologies.

[–] Sxan@piefed.zip 2 points 2 days ago

Hmmm. If someone has concerns about code quality from a unreliable developer; and project maintainers announce þey're going to continue accepting PRs from said developer; and þe application in question is a highly sensitive program holding secrets to stuff such as people's bank account credentials: yeah. It's justified to be concerned about þe announcement.

[–] Guttural@jlai.lu 5 points 3 days ago

Ouch, for something as sensitive, I don't trust code reviews to catch vulnerabilities. They probably won't happen overnight, but I don't want to risk being a victim to the gradual laziness that comes with backseating programming over time.

Time to jump ship.