Source URL: https://simonwillison.net/2025/May/12/contributing-to-servo/#atom-everything
Source: Simon Willison’s Weblog
Title: Quoting Contributing to Servo
Feedly Summary: Contributions must not include content generated by large language models or other probabilistic tools, including but not limited to Copilot or ChatGPT. This policy covers code, documentation, pull requests, issues, comments, and any other contributions to the Servo project. […]
Our rationale is as follows:
Maintainer burden: Reviewers depend on contributors to write and test their code before submitting it. We have found that these tools make it easy to generate large amounts of plausible-looking code that the contributor does not understand, is often untested, and does not function properly. This is a drain on the (already limited) time and energy of our reviewers.
Correctness and security: Even when code generated by AI tools does seem to function, there is no guarantee that it is correct, and no indication of what security implications it may have. A web browser engine is built to run in hostile execution environments, so all code must take into account potential security issues. Contributors play a large role in considering these issues when creating contributions, something that we cannot trust an AI tool to do.
Copyright issues: […]
Ethical issues: […] These are harms that we do not want to perpetuate, even if only indirectly.
— Contributing to Servo, section on AI contributions
Tags: ai-ethics, browsers, servo, ai-assisted-programming, generative-ai, ai, llms
Summary: The text outlines a Servo project policy that prohibits contributions containing AI-generated content, citing code quality, security, and ethical considerations. This is particularly relevant for professionals engaged in AI security and software development who must navigate the complexities of integrating AI tools while maintaining high standards of correctness and security in code contributions.
Detailed Description: The Servo project has established a policy that prohibits contributions containing content generated by large language models (LLMs) or other probabilistic tools. The policy covers code, documentation, pull requests, issues, and comments, and rests on several concerns about software security, correctness, and ethical practice:
* **Maintainer Burden**:
– Reviewers depend on contributors to write and test their code.
– AI tools can generate large volumes of code that contributors may not fully understand.
– Such untested and poorly understood code imposes a significant burden on maintainers, leading to inefficiencies.
* **Correctness and Security**:
– Even when generated code appears to function, there is no guarantee that it is correct.
– There is no indication of what security implications AI-generated code may have.
– Because a web browser engine is built to run in hostile execution environments, all code must take potential security issues into account, and the project does not trust an AI tool to do that in the contributor's place.
* **Ethical and Copyright Issues**:
– The policy also reflects concerns about perpetuating ethical harms, emphasizing the responsibility of contributors to create well-considered and original contributions.
This policy is a crucial step in ensuring that AI tools do not undermine the quality, security, and ethical standards of software development, particularly in projects where security is paramount. For security and compliance professionals, this highlights the ongoing tension between leveraging AI capabilities and ensuring adherence to high standards in software development.
* **Implications for AI and Software Security**:
– Encourages critical examination of AI contributions in coding practices.
– Reinforces the need for skilled human oversight in code review processes.
– Provokes discussion on the ethical ramifications of AI-assisted programming, especially in open-source projects.
In summary, the Servo project’s policy serves as a cautionary example for professionals evaluating the integration of AI in software development, particularly focusing on security, ethical considerations, and the implications for maintainers and contributors alike.