Software Freedom Conservancy has published a new set of recommendations for developers and maintainers in a document titled “Recommendations When Using LLM-backed Generative AI Systems for FOSS Contributions,” dealing with LLM-backed generative AI systems in free and open-source software projects.
The company is a nonprofit dedicated to software freedom, copyleft compliance, and supporting free and open-source software projects, providing legal and organizational assistance, advocating for the right to repair, and giving guidance on licensing and user freedom.
Importantly, SFC describes these recommendations as best practices rather than requirements or mandates. They are intended for contributors who use LLM-backed generative AI systems in FOSS projects, particularly when these tools assist with code contributions.
SFC clarifies that project maintainers may reject AI-assisted contributions. It supports leaders who adopt a zero-tolerance policy for LLM-generated contributions, stressing that maintainers’ review burdens and project policies should be respected.
However, SFC does not advocate excluding contributors who use these tools. Instead, it recommends that contributors disclose AI use, thoroughly review generated output, and avoid submitting unvetted patches.
A central recommendation is human responsibility. SFC states that contributors must thoroughly review LLM-assisted or generated contributions prior to submission and should fully understand the code they provide, rather than depending solely on AI output.
Regarding transparency, SFC advises contributors to fully disclose how and when an LLM-backed generative AI system was used, including the tool, its version, and a brief explanation of its role, and to record this information in machine-readable format in commit logs.
The document also warns against submitting unattended AI-generated contributions. SFC advises that such contributions should only be made where a project has explicitly welcomed them; otherwise, they should be considered unwelcome.
In short, the document does not reject the use of LLM-backed systems entirely and acknowledges that these tools can sometimes accelerate FOSS improvements and may be used strategically. At the same time, however, it warns contributors not to overuse them or let their technical skills decline.
The SFC’s message is clear: projects may reject AI-generated contributions, contributors should be transparent about AI use, and maintainers should not be expected to review unvetted automated output. Additionally, until legal questions are resolved, the SFC considers copyleft the safest option for AI-assisted FOSS work.
