Should AI-Generated Code Be Accepted in Open Source? Debian’s Ongoing Debate

Background

In February, Debian developer Lucas Nussbaum submitted a draft resolution asking the Debian community to decide whether contributions generated with the assistance of artificial intelligence (AI) should be accepted. The proposal is not a ban on AI tools but an attempt to define a clear policy for AI‑assisted contributions.

Proposed Core Rules

If a patch or piece of code is generated by an AI system, the contributor must explicitly mark it as such.

The person submitting the AI‑generated contribution must understand the code, and accept full responsibility for its quality, security, and licensing compliance.

Confidential or proprietary project data must never be fed into AI tools that could retain or expose that information.

Potential Impact on Newcomer Onboarding

Simon Richter highlighted an “onboarding problem”. Traditionally, new contributors learn by:

Fixing a small bug.

Improving documentation.

Submitting a modest patch.

These tasks are reviewed by maintainers, providing mentorship and gradually building the contributor’s expertise. If AI can produce equivalent patches instantly, the workflow may shift to: AI → generated patch → maintainer review instead of the traditional: newcomer → patch → maintainer review In the worst case, a human contributor becomes merely a copy‑and‑paste intermediary between the AI system and the maintainer, reducing the opportunity for skill development and community integration.

Trust and Risk Concerns

Several technical and ethical concerns were raised:

Copyright and licensing: Large‑scale AI models are often trained on publicly scraped code, including copyrighted material, without explicit permission from authors.

Energy consumption: Training and inference of large language models require substantial computational resources, contributing to a high carbon footprint.

Quality and noise: AI can generate low‑quality patches, duplicate existing code, or produce spurious bug reports, potentially flooding projects with noisy contributions.

Security: Undetected vulnerabilities or backdoors could be introduced by AI‑generated code that has not been thoroughly vetted.

Some participants argued that Debian should publicly oppose generative AI, while others countered that code quality is a general issue independent of the tool used.

Current Debian Stance

After weeks of heated discussion, the community did not reach a formal vote. Lucas Nussbaum chose to postpone the decision, leaving the existing contribution guidelines unchanged. The provisional consensus is to continue handling AI‑related contributions on a case‑by‑case basis, applying the three rules where possible.

Broader Implications for Open‑Source Governance

The debate reveals a deeper shift: the long‑standing assumption that contributors are human is being challenged. As AI systems become capable of producing code, the open‑source ecosystem must decide whether AI is merely a tool or a new class of contributor. This raises fundamental questions about:

Community governance – how to attribute authorship and enforce licensing when code originates from an opaque model.

Talent cultivation – how to preserve mentorship pathways that develop human expertise.

Future collaboration models – how to integrate AI assistance without compromising the collaborative ethos of open source.

At present, the Debian project acknowledges that it is not yet prepared to define a definitive policy, and the wider open‑source community will likely face similar decisions in the coming years.