Flathub's New AI Policy Has Some Problems

追加: 2026-06-05

[00:00:00]sometimes for, sometimes against, oftent times somewhere in the middle. A lot more projects are making some sort of AI policy. Regardless of your personal stance, if you have a project and you're not the only developer on that project, eventually someone is going to come along who wants to make use of this tooling. Maybe entirely vibe driven.

[00:00:22]Maybe as an assistant, maybe just AI code completion, maybe just as a translation tool for interacting in the issue tracker. Whatever it is, this is going to happen at some point and you have to decide what do I want in my project. One such project that made a choice is Gnome back in December of last year making a change to the Gnome extension store with this extensions must not be AI generated. While it is not prohibited to use AI as a learning aid or a development tool, i.e. code completions, extension developers should be able to justify and explain the code they submit within reason. Submissions with large amounts of unnecessary code, inconsistent code style, imaginary API usage, comments serving as LLM prompts, or other indications of ARI generated output will be rejected. Recently, a similar stance was made over in the Gnome circle as well. Thank you, Fastly.

[00:01:19]I appreciate it. That's part of the reason why they have all of this LLM stuff. But right about here, follow circle's AI policy. It is the exact same text from the extensions. Gnome circle is basically the third-party Gnome applications that follow the Gnome guidelines are promoted by Gnome are treated as part of the Gnome collection of applications. Now the reason I mention Gnome here even though the video is about Flathub in case you didn't know FlatHub exists as a subsidiary of the Gnome Foundation. It is technically a separate organization, but when you have this subsidiary structure, you are going to have a lot of cultural similarities between both organizations. Even if that wasn't the case, a lot of the people that work on Gnome, that work on KDE, that work on Cosmic, also work on FlatHub and Flatpacks as well. So, you would have had that cultural cross-pollination. Anyway, over on Masttodon, Bath Lion posted this alongside a change on the GitHub for FlatHub. This is flat hub, not flat packs. If you want to go and make a flat pack and not follow these changes, you can do that. This is specifically for the flat hub store itself, you can run a third party store. We have updated FlatHub's LLM policy to explicitly disallow AI usage for both the submission process and applications being submitted. We will check out that documentation in just a moment. I've had some reservations about it, so the wording before that commit was relatively milder. I know it's an unpopular opinion on the fediverse, but I do think LLMs are inevitable, and the reality is that you can expect less organically grown code as time goes on.

[00:03:04]I believe it can be a useful tool in and outside of FOS. I hope we will see a large number of apps where authors made some effort beyond prompting an agent.

[00:03:11]Meanwhile, the number of unpleasant interactions I've had with entitled submitters acting as if they were bestowing their brilliant software upon us idiots who are rejecting it went through the roof in the last month. I'm tired. As always, we are not applying this retroactively. So any vibe credited apps which were already published will remain available. This was done in direct response to this. There is a AI slop tag on FlatHub. And as you can see, just in the past day, a bunch of things. And if you just keep going back, pretty much every single day has multiple of these. And remember, most people that are working in the FOS base are not getting paid to do so. And anyone who is getting paid to do so probably isn't getting paid to do this specific work. So this is something which a lot of people have to spend a lot of time dealing with and some of these are actually relatively long conversations that might take multiple weeks of discussion because a lot of things are not necessarily immediately clear. Some of these are just terrible and it's obvious they're terrible but like with curl that's still a lot of wasted time even when you know it is terrible from the start. This here is the new updated policy. I say new and updated because it's not the first iteration. I believe the earliest version, and correct me if I'm wrong here, was this commit here. Add a policy to stop LLM slops on June 19th, 2025.

[00:04:43]This has been updated a number of times.

[00:04:45]There have been formatting changes and things like that. For example, this one, add a more detailed Gen AI policy, but that's all stuff from the past. So, let's take a look at what it is now.

[00:04:56]Adding to the existing policy, this policy applies to both applications being submitted to flatub and the flatub submission itself, including the manifest, metadata, patches, build scripts, and pull request. So, it's not just is the application itself vibecoded, did you make us deal with an agent when you were going through the submission process or did you actually go and make the flat pack yourself? For the purpose of this policy, applications include base apps, extensions, and any other artifacts that can be produced by Flatpack Builder. So, an OBS extension would be included, OBS itself would be included, and then any backend library stuff and things of that nature.

[00:05:40]Effectively, what it is saying is anything being distributed on FlatHub, this policy would apply to during the submission process. and during the submission process is a very key part there that we'll get to a little bit later. Already in the policy, submission pull requests must not be generated, opened, or automated using AI tools or agents. So, if you're trying to submit the package, you have to actually do it yourself. Please do not request review from any AI tools in the submission PR.

[00:06:08]If you wanted to do it outside of that, you wanted to like check what you're doing, that's not something they are against, but it has to be something which you can back up and say, "Yes, this is actually correct. They don't want to deal with talking with an agent." Automated co-pilot reviews on GitHub can be disabled by submitter by going here and changing repository access to exclude the repo or disabling the global automatic code- pilot code review found here. The next bit was removed, but it's not really a policy change. It's more just cleaning up the phrasing. Submissions or changes where most of the code is written by or using AI without any meaningful human input, review, justification, or moderation of the code are not allowed. Submissions or changes having lowquality AI generated or AI assisted code are not allowed.

[00:06:56]Basically, this is already being said in different parts of the policy. It's just restating the same thing. Applications containing AI generated or AI assisted code, documentation or other content are not allowed. This is a minor change from submissions to applications now reading applications or changes containing copyrighted, license incompatible or ethically questionable code are not allowed.

[00:07:20]This is a bit of a weird one. Ethically questionable is very much up to the individual maintainer. It's not the main focus of this, but I do expect that to eventually create some drama. This part here, license incompatible, is not really related directly to the AI stuff, but it does become very relevant with AI as a lot of LLMs basically just do code mixing. I say a lot of them, pretty much all of them do code mixing without any real consideration of the licenses being used. This is leading to some legal cases that are still being ironed out. It's unclear exactly how they're going to go. For the sake of not getting sued in the future, this is a good policy to have though, this specific part, the license incompatible part.

[00:08:11]Same with the copyright part because American stuff like that. These submissions can be rejected without any further notice. Repeatedly violating these policies may result in a permanent ban from future submissions or activities. If you keep trying to break the rules, they will eventually ban you.

[00:08:26]Again, completely reasonable policy to have. And this one bit at the end, exceptions may be granted for mature, well-maintained projects.

[00:08:40]This last part is far more important than you might initially assume it is.

[00:08:47]You might have this assumption that most of the applications you use, most of the applications on flatub, most of the big applications at the very least are not AI generated slop and they're probably not fully AI generated slop. However, AI assisted code is included in the band activities. So, I was curious. Let's actually go to FlatHub and see what would be banned from submission if that last bit wasn't there. Here we have the first page of popular applications. Most of these you've probably heard about. Some of these maybe not like Gear Lever, which is more of like a app image development thing. But for the most part, you've probably at least heard of all of these except maybe the Roblox one because I know a lot of you are not like 15.

[00:09:42]Starting with the ones which are 100% confirmed to be using AI code. No speculation over AI signaling. The ones that specifically report we are using this model. Doing just some basic surface level digging. First up is Telegram desktop. This has Claude as one of the top contributors. Lutress. They made a blog post about this. The latest patch here is with Claude and also Claude is also one of the top contributors. and also gear lever, which is the app image thing we saw before.

[00:10:15]It's not going to be in the top contributors, but if we go to the commit and scroll down just a little bit, Claude is right here. It seems to be mainly using it for like build and CI related things, but it is still using it. On the top list, you might have also seen a number of browsers like Firefox and Brave and Chrome. I think that's all for the first page. Yes. and then various things built with either Electron or web-based tech. So, you have Spotify, you have Thunderbird, OBS makes use of CEF, and I'm sure there's probably another one in here that I am missing. Both Chromium and Firefox have AI policies and their policies are generally in favor of using AI code.

[00:11:02]It's not you have to use AI code. It's just if you want to use it, it's okay to use it. You just have to make sure you document it and understand the code and all that good stuff. So, I know for Chromium, they 100% have AI code. I would assume with how much Mozilla has been pushing it, they have AI code in there by now as well. So, anything using that tech which again includes Thunderbird, Spotify, anything Electronbased, anything that is making use of CF, the Chromium embedded framework at the very least has an AI related dependency.

[00:11:39]Another thing is the cute framework.

[00:11:42]They have been experimenting with AI code. So, there's going to be AI code within cute. Therefore, anything that is a KDE application, anything that is built with cute at the very least has AI code as one of its dependencies. That's not to say that any of those projects would then be directly using it. But because of the way that flatp pack works with having these dependencies that are bundled into the flatp pack because of sandboxing, you would then by necessity have some level of AI code within that project or within the library package that project relies on. Let alone the fact that both the Linux kernel and systemd both allow AI generated code. And the Linux kernel has a couple of engineers that very frequently are making use of this. For example, Sash 11 from Nvidia.

[00:12:31]I know this is kind of stretching the definition of a dependency, but the point here is to illustrate the fact that even if your project is not using AI related code, is not using AI cyst code, vibe code, any sort of that deal, it is basically impossible at this point to have a project that is not using any AI anywhere in the stack. you can try, but you're pretty much going to have to write everything by yourself. Like I mean the entire stack by yourself. Then there are the corporate developed applications which I'm not certain about but I am highly confident that most if not all of them are using AI to some capacity. When it comes to things like VS Code, Microsoft is very open about the fact that they make use of Copilot as should be obvious because C-pilot is their thing. But anything which is proprietary, it's hard to say.

[00:13:29]But I would be very surprised if it wasn't the case. Then you have the other corporate side like Red Hat where they are doing things in this open-source kind of way and Red Hat is very much like hey engineer people that work for Red Hat make use of this tooling test out this tooling. experiment with this tooling and obviously there are projects like Gnome where that doesn't really get involved with but there's going to be a lot of various other things which are going to have AI code just because of that before anyone gets angry and says bro he loves vibe coding now that's not what I'm saying I am saying this is the way it is it is like this that is the world you're in now with this policy there are some edge cases that need to be answered here. For example, someone asked, does this mean any application with AI tools, even things like editor autocomplete, are not allowed to be submitted? That is something not specifically mentioned in the policy. It says AI assisted code, but what is the barrier for AI assisted? A lot of tools have this co-pilot powered auto completion. It's just really advanced tab completion, but it's ultimately just tab completion. Bathline says unlikely to be considered a blocker unless you literally tabbed your entire way through with autocomplete. But this is a good question to ask because it's not specified in the policy. And that I think is the biggest problem with the policy as it currently stands. There is a lot of these fairly reasonable edge case questions which are not being answered. This specific line of unlikely to be considered a blocker and exceptions may be granted for mature well-maintained projects. These are not goals that you can aspire to. These are not check marks you can complete. Excuse the pun. This is a vibe based policy. It is a thing where the person that is currently reviewing the submission, if they feel like the way that you've interacted with your autocomplete looks to AI Cody, well, that's now a problem.

[00:15:50]If the person reviewing it doesn't feel like the project has been around for long enough, has been wellmaintained long enough, well, that project is not allowed. This isn't something you can specifically actually aim towards.

[00:16:04]Obviously, you can just not use any of these AI tools and then it's just not a problem. But as we already established, a lot of things already on FlatHub are making use of these tools and a lot of the things here.

[00:16:21]Would they pass that guideline? Maybe a lot of the things on the first page, but what about when we get to like the third page or the fifth page or the seventh page? Now you're getting into applications which the maintainer just might not know about. Maybe you've only been around for a month or so. Is a month fine? Is two months? Is 5 months?

[00:16:42]Is a year? What is the point where this has been maintained long enough? This has been maintained well enough that even though you are using some level of AI tooling, it would still be fine. on Mastoni says if the project has community engagement release cadence CI and seems to have been more than pure slot produced in three weeks it would be likely exempted that's how the bar already was before that commit and yet here we are and that is a totally reasonable policy but it's not written down as the policy is your policy is this your criteria or is this the actual policy that flatub is going to follow. If this is the actual policy, this should be documented as part of the policy because what you basically have right now is do you follow one of the maintainers on Masttodon and know their personal undocumented rules for the submission process, right? Like I I I'm not saying that this is a bad approach to handle it. It's just if this is the way it is handled, it should be documented. And that is also a way to deal with a lot of these slop submissions you have. If there is a bit of documentation you can specifically point to you are not following this thing then that limits some of the slop you're seeing and it makes it very easy to just go and say okay you're done you don't meet this specific requirement. Understandable.

[00:18:10]Someone says in the replies that this would lead to lawyering over the policy but you're going to have that regardless because what you have right now is a very vague policy. Someone can just argue, well we are mature, we are well-maintained. Why don't you just let us on anyway if you at least have some sort of criteria on what this actually means? It gives you a easier position to argue from. We tried to prevent slop submissions based on sufficient development history and overall project health and it didn't reduce the workload at all. Only cause sloppers to dispute the rules because you didn't actually write the rules down. I couldn't find these rules anywhere within the existing documentation. So I don't know where you would find those. Another thing the policy says is applications containing AI generated or AI systemed code documentation or other content are not allowed. So let's consider the case of arsync. Obviously arync is a CLI tool but let's imagine arync as a gooey application that you would have on flatub just something developed like this is. So obviously you have a lot of stuff just by triidge here. But if we go back a bit, all of this Claude, all of this Claude, all of this Claude, lots and lots and lots of Claude. And in the latest release, you have a lot of people complaining that this had a bunch of regressions. It had a bunch of issues.

[00:19:32]And this latest release, a lot of people felt was a really, really bad release.

[00:19:38]And some of those issues are directly related to this AI code. Whilst you say exceptions may be granted for mature, well-maintained projects, is there a point where you've had enough AI generated code, you've had enough bad releases where this is rejected?

[00:19:58]Specifically, you stated, "As always, we are not applying this retroactively. So any vibe coded apps which were already published will remain available."

[00:20:09]If I understand this correctly, what you've effectively done, I don't think this is the intention, but what you've effectively done is created this sort of two-tier application moderation system where once you pass that initial moderation stage, you're allowed on FlatHub. Now you effectively don't have to follow the AI policy and you're pretty much just free to do whatever you want because you're a mature well-maintained project. Again, I don't think this is the intention.

[00:20:44]But when you have a bunch of vaguely phrased rules, you have undocumented rules, what effectively ends up happening is somewhere down the line there is going to be something which turns into a really big and dumb drama where an application is wrongfully removed or rejected where one maintainer thinks it should be on the store, another thinks it shouldn't be on the store and this becomes a stupid mess that people have to argue about. And it pretty much all could be cleared up by just having a clearer policy that you know what you have to meet. And if you want to go very pessimistic, Tom Hwarder of OS News puts it quite well. I don't think they had any choice in adding this exception, but it does feel a bit like rules for thee, but not for me. I can easily see the relatively small incrowded developers around FlatHub and Flatpack and their friends handing each other exceptions while enforcing much stricter rules when it comes to outsiders. Say a well-known Gnome application from a longtime Gnome contributor adds AI generated code. Will it really be banned from Flathub? I have my doubts. I get it and I understand why the conversation was locked here after a single comment. But at the same time, by doing so, you have just left yourself open to this really weird situation that could have been resolved and I hope gets resolved by just having a bit of open discussion about this going on.

[00:22:18]Obviously, there would have been stupid people that came along, tried to argue about stuff and all this and all this annoying stuff. I get it. But I hope if anyone from FlatHub sees this, you can at least understand where I'm coming from here. I think the policy overall is a reasonable policy, but I think there are areas where you're just waiting for somebody to basically start a big drama for effectively no reason and it could just be stopped long before that ever happens. One thing I think is very funny is because he posted this on the Fediverse and the Fediverse is very anti-AI, a lot of the replies to this aren't actually about the specific policy itself. instead. There's a lot of people in here arguing basically about him saying that LLMs exist and people use LLMs. That's that's like not up for debate anymore. I I don't even know why people are arguing about that. And uh I don't know, maybe maybe I'll do a full video on this sort of idea where there is a lot of people in the current FOS space which are very anti-A.

[00:23:27]What's going to happen when a lot of these project leaders become the gray beards and then you have these young Gen A programmers, they become the 20-year-olds, they become the people leading the Foss world. These are people growing up with AI tooling from the very day they write any lines of code. A lot of these people have very different opinions on the use of AI. I don't know how policies are going to change over the years and I do expect there to be some really big culture clashes over the next like 10 15 years. But what is your stance on the policy? If you want to go and lawyer about the policy in the comments and try to find any loopholes, feel free to do so. I would love to see it. So yeah, let me know your thoughts down below. If you like the video, go like the video and go subscribe as well.

[00:24:17]And if you really like the video and you want to become one of these amazing people over here, check out the Patreon subscribes deli bar linked in the description down below. That's going to be it for me. And what is your policy?

[00:24:53]something like this.