romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-15 00:01:41 +03:00
Code Issues Projects Releases Packages Wiki Activity

CONTRIBUTE: add project guidelines for AI use

Browse source 
Feedback-by: Daniel Fosco
Feedback-by: Jimmy Sjölund
Feedback-by: Christoph Jabs
Feedback-by: Manuel Strehl
Feedback-by: Dan Fandrich
Feedback-by: Sarah Gooding

Closes #17325
This commit is contained in:
Daniel Stenberg 2025-05-12 12:55:20 +02:00
parent d59d8530c6
commit a9aafbea95
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2
1 changed files with 60 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

60
docs/CONTRIBUTE.md
View file

@ -305,3 +305,63 @@ use a smaller header or add the information for a specific file to the
You can manually verify the copyright and compliance status by running the
[REUSE helper tool](https://github.com/fsfe/reuse-tool): `reuse lint`
# On AI use in curl
Guidelines for AI use when contributing to curl.
## For security reports and other issues
If you asked an AI tool to find problems in curl, you **must** make sure to
reveal this fact in your report.
You must also double-check the findings carefully before reporting them to us
to validate that the issues are indeed existing and working exactly as the AI
says. AI-based tools frequently generate inaccurate or fabricated results.
Further: it is *rarely* a good idea to just copy and paste an AI generated
report to the project. Those generated reports typically are too wordy and
rarely to the point (in addition to the common fabricated details). If you
actually find a problem with an AI and you have verified it yourself to be
true: write the report yourself and explain the problem as you have learned
it. This makes sure the AI-generated inaccuracies and invented issues are
filtered out early before they waste more people's time.
As we take security reports seriously, we investigate each report with
priority. This work is both time and energy consuming and pulls us away from
doing other meaningful work. Fake and otherwise made up security problems
effectively prevent us from doing real project work and make us waste time and
resources.
We ban users immediately who submit made up fake reports to the project.
## For pull requests
When contributing content to the curl project, you give us permission to use
it as-is and you must make sure you are allowed to distribute it to us. By
submitting a change to us, you agree that the changes can and should be
adopted by curl and get redistributed under the curl license. Authors should
be explicitly aware that the burden is on them to ensure no unlicensed code is
submitted to the project.
This is independent if AI is used or not.
When contributing a pull request you should of course always make sure that
the proposal is good quality and a best effort that follows our guidelines. A
basic rule of thumb is that if someone can spot that the contribution was made
with the help of AI, you have more work to do.
We can accept code written with the help of AI into the project, but the code
must still follow coding standards, be written clearly, be documented, feature
test cases and adhere to all the normal requirements we have.
## For translation
Translation services help users write reports, texts and documentation in
non-native languages and we encourage and welcome such contributors and
contributions.
As AI-based translation tools sometimes have a way to make the output sound a
little robotic and add an "AI tone" to the text, you may want to consider
mentioning that you used such a tool. Failing to do so risks that maintainers
wrongly dismiss translated texts as AI slop.