The closer I look, the more depressed I get.
First of all, the entire thing feels off. Quoting one commenter:
So this seems to be some kind of universal package manager where most of the content is AI generated and it's all tied into some kind of reverse bug bounty thing thing that also has crypto built in for some reason? I feel like we need a new OSS license that excludes stuff like this. Imagine AI-generated curl | bash installers 🤮
The bug bounty thing in question apparently being tea.xyz. From what I can tell, the only things actually being AI-generated are descriptions and logos for packages as an experimental web frontend for the registry, not package contents nor build/distribution instructions (thank god).
Apparently pkgx
(the package manager in question) is being built by the person who created brew
. I leave it up to the reader's sensibilities to decide whether this is a good or bad omen for the project itself.
Now we get to the actual sneer-worthy content (in my view): the comments given by a certain user for whom it seems PKGX is the best thing since sliced bread, and that any criticism of using AI for the project's hosted content is just and who thinks we should all change our preferences and habits to accommodate this
PKGX didn't (and still doesn't) have a description and icon/logo field. However, from beginning (since when it was tea), it had a large number of packages (more than 1200 now). So, it would have been hard to write descriptions and add images to every single package. There's more than just adding packages to the pantry. PKGX Pantry is, unlike most registries, a fully-automated one. But upstreams often change their build methods, or do things that break packaging. So, some areas like a webpage for all packages get left out (it was added a lot later). Now, it needed images and descriptions. Updating descriptions and images for every single package wouldn't be that good. So, AI-based image and description generation might be the easiest and probably also the best for everyone approach. Additionally, the hardwork of developers working on this project and every Open-Source project should be appreciated.
I got whiplash from the speed at which they pivot from arguing "it would have been hard for a human to write all these descriptions" to "the hardwork of developers working on this projet [...] should be appreciated". So it's "hard" work that justifies letting people deal with spicy autocomplete in the product itself, but less hard than copying the descriptions that many of these projects make publicly available regardless??? Not to mention the packaged software probably has some descriptions that took time and effort to make, that this thing just disregards in favor of having Stochastic Polly guess what flavor of cracker it's about to feed you.
When others push back against AI-anything being so heavily involved in this package registry project, we get the next pearl of wisdom (emphasis mine):
But personally I think, a combination of both AI and human would be the best. Instead of AI directly writing, we can maybe make it do PR (for which, we'll need to add a description field). The PR can be reviewed. And if it's not correct, can also be corrected. That's just my opinion.
Surely the task of reviewing something written by an AI that can't be blindly trusted, a task that basically requires you to know what said AI is "supposed" to write in the first place to be able to trust its outpu, is bound to always be simpler and result in better work than if you sat down and wrote the thing yourself.
Icing on the cake, the displayed profile name for the above comment's author is rustdevbtw
. Truly hitting as many of the "tech shitshow" bingo squares as we can! (no shade intended towards rust itself, I really like the language, I just thinking playing into cliques like this is not great).
My original post title was going to be something a bit more sensational like "Bored of dealing with actual human package maintainers? Want to get in on that AI craze? Use an LLM to generate descriptions for curl-piped-to-bash installations scraped from the web!" but in doing my due diligence I see the actual repo owner/maintainer shows up and is infinitely more reassuring with their comments, and imo shows a good level of responsibility in cleaning up the mess that spawned from this comments section on that github issue.
This is only semi-related but.
When I quit Microsoft last year they were heavily pushing AI into everything. At some point they added an automated ChatGPT nonsense "summary" to every PR you opened. First it'd edit the description to add its own take on the contents, and then it'd add a review comment.
Anyone who had to deal with PR review knows it can be frustrating. This made it so that right of the bat you would have to deal with a lengthy, completely nonsensical review that missed the point of the code, asked for terrible "improvements", or straight up proposed incorrect code.
In effect it made the process much more frustrating and time-consuming. The same workload was there, plus you had to read an equivalent of a 16-year-old who thinks he knows how software works explain your work to you badly. And since it's a bona fide review comment, you have to address it and close it. Absolutely fucking kafkaesque.
Forcing humans to read and cleanup AI regurgitated nonsense should be a felony.
@V0ldek @Jayjader jeez. Reminds me of what they did with their whole TDD "no, don't do it! Oh ok
, now call whatever you did do 'TDD' even though we didn't allow you to do TDD" thing.