Hi all
I've sent this to what I hope is a representative subset of TrustedFirmware.org project maintainers. Feel free to forward to others you think should be included.
I'm writing to gather maintainer feedback on a proposal for TrustedFirmware.org to have a policy on the use of AI-assistants in code contributions. Several other open-source organizations already have their own policies. Attached is the current draft of that policy, which is based on the Linux Foundation and Apache Software Foundation guidance. This has been discussed at the TF.org board and more recently, the TSC (see minutes herehttps://lists.trustedfirmware.org/archives/list/tsc@lists.trustedfirmware.org/thread/DIDKNFC6NCMVGHT7SOYKHB56R2XTNCUO/). Eric Finco @ ST had 2 pieces of feedback to this, the 2nd of which prompted me to seek this wider input. To summarize that feedback:
1. Eric would like all contributions that use AI assistants to explicitly attribute the tool(s) used in the contribution for transparency reasons. The counter feedback is that this might be onerous to generate (especially if a tool has a complex backend) and there is no clear use for that information. 2. Eric would like the policy to apply to all TrustedFirmware.org projects, rather allowing projects to develop their own project-specific guidance (as per the current draft).
Some of this might require more interaction discussion. My plan was to invite you all to a future TSC meeting (perhaps in September) to discuss further. I'm happy to take feedback on the policy, Eric's feedback or the process to handle this. Feel free to reply to this email (to all or just to me), or just wait for that TSC meeting.
Best regards
Dan.
Hi Dan,
I like the proposal as written.
On Eric’s modifications my thoughts are:
1) I also think this might be onerous to generate. The DCO is still in place and it’s the submitter using the AI tool that needs to ensure what is submitted meets the project licence and other guidance. I think that should be enough.
2) I think its important to allow projects to have the ability to have project specific rules. When I read the proposed general guidance I was thinking any project guidance would be in addition to the general guidance.
Joanna
From: Dan Handley Dan.Handley@arm.com Date: Thursday, 31 July 2025 at 17:25 To: Soby Mathew Soby.Mathew@arm.com, Sandrine Bailleux Sandrine.Afsa@arm.com, Manish Pandey2 Manish.Pandey2@arm.com, Olivier Deprez Olivier.Deprez@arm.com, Bipin Ravi Bipin.Ravi@arm.com, Joanna Farley Joanna.Farley@arm.com, Julius Werner jwerner@google.com, Varun Wadekar vwadekar@nvidia.com, Raghu Krishnamurthy raghupathyk@nvidia.com, yann.gautier@st.com yann.gautier@st.com, Manish Badarkhe Manish.Badarkhe@arm.com, David Brown (david.brown@linaro.org) david.brown@linaro.org, Ermel, Dominik dominik.ermel@nordicsemi.no, jamie.mccrae@nordicsemi.no jamie.mccrae@nordicsemi.no, Anton Komlev Anton.Komlev@arm.com, Antonio De Angelis Antonio.DeAngelis@arm.com, Alexei Fedorov Alexei.Fedorov@arm.com, Javier Almansa Sobrino Javier.AlmansaSobrino@arm.com, Arunachalam Ganapathy Arunachalam.Ganapathy@arm.com, Jens Wiklander jens.wiklander@linaro.org, jerome.forissier@linaro.org jerome.forissier@linaro.org, etienne.carriere@foss.st.com etienne.carriere@foss.st.com, Gilles Peskine Gilles.Peskine@arm.com, Janos Follath Janos.Follath@arm.com, Manuel Pegourie-Gonnard Manuel.Pegourie-Gonnard@arm.com, Ronald Cron Ronald.Cron@arm.com, Joao Alves Joao.Alves@arm.com, Madhukar Pappireddy Madhukar.Pappireddy@arm.com, Gyorgy Szing Gyorgy.Szing@arm.com Cc: tsc@lists.trustedfirmware.org tsc@lists.trustedfirmware.org Subject: Feedback requested on TrustedFirmware.org "Guidance on AI-assisted contributions" Hi all
I’ve sent this to what I hope is a representative subset of TrustedFirmware.org project maintainers. Feel free to forward to others you think should be included.
I’m writing to gather maintainer feedback on a proposal for TrustedFirmware.org to have a policy on the use of AI-assistants in code contributions. Several other open-source organizations already have their own policies. Attached is the current draft of that policy, which is based on the Linux Foundation and Apache Software Foundation guidance. This has been discussed at the TF.org board and more recently, the TSC (see minutes herehttps://lists.trustedfirmware.org/archives/list/tsc@lists.trustedfirmware.org/thread/DIDKNFC6NCMVGHT7SOYKHB56R2XTNCUO/). Eric Finco @ ST had 2 pieces of feedback to this, the 2nd of which prompted me to seek this wider input. To summarize that feedback:
1. Eric would like all contributions that use AI assistants to explicitly attribute the tool(s) used in the contribution for transparency reasons. The counter feedback is that this might be onerous to generate (especially if a tool has a complex backend) and there is no clear use for that information. 2. Eric would like the policy to apply to all TrustedFirmware.org projects, rather allowing projects to develop their own project-specific guidance (as per the current draft).
Some of this might require more interaction discussion. My plan was to invite you all to a future TSC meeting (perhaps in September) to discuss further. I’m happy to take feedback on the policy, Eric’s feedback or the process to handle this. Feel free to reply to this email (to all or just to me), or just wait for that TSC meeting.
Best regards
Dan.
+1 to what Joanna has said below. #1 is unnecessary burden unless there is clear use for that, I don't know of one either. #2 must be the case that projects can override (or make additions) the general guidance since that's likely where we will land for practical reasons.
Get Outlook for iOShttps://aka.ms/o0ukef ________________________________ From: Joanna Farley Joanna.Farley@arm.com Sent: Thursday, August 21, 2025 6:02:52 AM To: Dan Handley Dan.Handley@arm.com; Soby Mathew Soby.Mathew@arm.com; Sandrine Bailleux Sandrine.Afsa@arm.com; Manish Pandey2 Manish.Pandey2@arm.com; Olivier Deprez Olivier.Deprez@arm.com; Bipin Ravi Bipin.Ravi@arm.com; Julius Werner jwerner@google.com; Varun Wadekar vwadekar@nvidia.com; Raghu Krishnamurthy raghupathyk@nvidia.com; yann.gautier@st.com yann.gautier@st.com; Manish Badarkhe Manish.Badarkhe@arm.com; David Brown (david.brown@linaro.org) david.brown@linaro.org; Ermel, Dominik dominik.ermel@nordicsemi.no; jamie.mccrae@nordicsemi.no jamie.mccrae@nordicsemi.no; Anton Komlev Anton.Komlev@arm.com; Antonio De Angelis Antonio.DeAngelis@arm.com; Alexei Fedorov Alexei.Fedorov@arm.com; Javier Almansa Sobrino Javier.AlmansaSobrino@arm.com; Arunachalam Ganapathy Arunachalam.Ganapathy@arm.com; Jens Wiklander jens.wiklander@linaro.org; jerome.forissier@linaro.org jerome.forissier@linaro.org; etienne.carriere@foss.st.com etienne.carriere@foss.st.com; Gilles Peskine Gilles.Peskine@arm.com; Janos Follath Janos.Follath@arm.com; Manuel Pegourie-Gonnard Manuel.Pegourie-Gonnard@arm.com; Ronald Cron Ronald.Cron@arm.com; Joao Alves Joao.Alves@arm.com; Madhukar Pappireddy Madhukar.Pappireddy@arm.com; Gyorgy Szing Gyorgy.Szing@arm.com Cc: tsc@lists.trustedfirmware.org tsc@lists.trustedfirmware.org Subject: Re: Feedback requested on TrustedFirmware.org "Guidance on AI-assisted contributions"
External email: Use caution opening links or attachments
Hi Dan,
I like the proposal as written.
On Eric’s modifications my thoughts are:
1) I also think this might be onerous to generate. The DCO is still in place and it’s the submitter using the AI tool that needs to ensure what is submitted meets the project licence and other guidance. I think that should be enough.
2) I think its important to allow projects to have the ability to have project specific rules. When I read the proposed general guidance I was thinking any project guidance would be in addition to the general guidance.
Joanna
From: Dan Handley Dan.Handley@arm.com Date: Thursday, 31 July 2025 at 17:25 To: Soby Mathew Soby.Mathew@arm.com, Sandrine Bailleux Sandrine.Afsa@arm.com, Manish Pandey2 Manish.Pandey2@arm.com, Olivier Deprez Olivier.Deprez@arm.com, Bipin Ravi Bipin.Ravi@arm.com, Joanna Farley Joanna.Farley@arm.com, Julius Werner jwerner@google.com, Varun Wadekar vwadekar@nvidia.com, Raghu Krishnamurthy raghupathyk@nvidia.com, yann.gautier@st.com yann.gautier@st.com, Manish Badarkhe Manish.Badarkhe@arm.com, David Brown (david.brown@linaro.org) david.brown@linaro.org, Ermel, Dominik dominik.ermel@nordicsemi.no, jamie.mccrae@nordicsemi.no jamie.mccrae@nordicsemi.no, Anton Komlev Anton.Komlev@arm.com, Antonio De Angelis Antonio.DeAngelis@arm.com, Alexei Fedorov Alexei.Fedorov@arm.com, Javier Almansa Sobrino Javier.AlmansaSobrino@arm.com, Arunachalam Ganapathy Arunachalam.Ganapathy@arm.com, Jens Wiklander jens.wiklander@linaro.org, jerome.forissier@linaro.org jerome.forissier@linaro.org, etienne.carriere@foss.st.com etienne.carriere@foss.st.com, Gilles Peskine Gilles.Peskine@arm.com, Janos Follath Janos.Follath@arm.com, Manuel Pegourie-Gonnard Manuel.Pegourie-Gonnard@arm.com, Ronald Cron Ronald.Cron@arm.com, Joao Alves Joao.Alves@arm.com, Madhukar Pappireddy Madhukar.Pappireddy@arm.com, Gyorgy Szing Gyorgy.Szing@arm.com Cc: tsc@lists.trustedfirmware.org tsc@lists.trustedfirmware.org Subject: Feedback requested on TrustedFirmware.org "Guidance on AI-assisted contributions"
Hi all
I’ve sent this to what I hope is a representative subset of TrustedFirmware.org project maintainers. Feel free to forward to others you think should be included.
I’m writing to gather maintainer feedback on a proposal for TrustedFirmware.org to have a policy on the use of AI-assistants in code contributions. Several other open-source organizations already have their own policies. Attached is the current draft of that policy, which is based on the Linux Foundation and Apache Software Foundation guidance. This has been discussed at the TF.org board and more recently, the TSC (see minutes herehttps://lists.trustedfirmware.org/archives/list/tsc@lists.trustedfirmware.org/thread/DIDKNFC6NCMVGHT7SOYKHB56R2XTNCUO/). Eric Finco @ ST had 2 pieces of feedback to this, the 2nd of which prompted me to seek this wider input. To summarize that feedback:
1. Eric would like all contributions that use AI assistants to explicitly attribute the tool(s) used in the contribution for transparency reasons. The counter feedback is that this might be onerous to generate (especially if a tool has a complex backend) and there is no clear use for that information. 2. Eric would like the policy to apply to all TrustedFirmware.org projects, rather allowing projects to develop their own project-specific guidance (as per the current draft).
Some of this might require more interaction discussion. My plan was to invite you all to a future TSC meeting (perhaps in September) to discuss further. I’m happy to take feedback on the policy, Eric’s feedback or the process to handle this. Feel free to reply to this email (to all or just to me), or just wait for that TSC meeting.
Best regards
Dan.
-
Dan Handley -
Joanna Farley -
Raghu Krishnamurthy