Update 2025-11-18-generative-ai-peer-review.md

Author: eliotwrobson

_posts/2025-11-18-generative-ai-peer-review.md

@@ -31,12 +31,12 @@ Our goal is transparency and fostering reproducible research. For scientific rig
 
 LLMs are perceived as helping developers:
 
-* Explain complex codebases
-* Generate unit tests and docstrings
-* In some cases, simplifying language barriers for participants in open source around the world
-* Speeding up everyday workflows
+- Explain complex codebases
+- Generate unit tests and docstrings
+- In some cases, simplifying language barriers for participants in open source around the world
+- Speeding up everyday workflows
 
-Some contributors also believe these products open source more accessible. And for some, maybe they do. However, LLMs also present
+Some contributors perceive these products as making open source more accessible. And for some, maybe they do. However, LLMs also present
 unprecedented social and environmental challenges.
 
 ### Incorrectness of LLMs and misleading time benefits
@@ -51,7 +51,7 @@ Training and running LLMs [requires massive energy consumption](https://www.unep
 
 Heavy reliance on LLMs risks producing developers who can prompt, but not debug, maintain, or secure production code. This risk undermines long-term project sustainability and growth. In the long run, it will make it [harder for young developers to learn how to code and troubleshoot independently](https://knowledge.wharton.upenn.edu/article/without-guardrails-generative-ai-can-harm-education/).
 
-> We’re really worried that if humans don’t learn, if they start using these tools as a crutch and rely on it, then they won’t actually build those fundamental skills to be able to use these tools effectively in the future. *Hamsa Bastani*
+> We’re really worried that if humans don’t learn, if they start using these tools as a crutch and rely on it, then they won’t actually build those fundamental skills to be able to use these tools effectively in the future. _Hamsa Bastani_
 
 ### Ethics and inclusion
 
@@ -63,75 +63,75 @@ We acknowledge that social and ethical norms, as well as concerns about environm
 
 Our community’s expectation is simple: **be open and disclose any Generative AI use in your package** when you submit it to our open software review process.
 
-* Disclose LLM use in your README and at the top of relevant modules.
-* Describe how the Generative AI tools were used in your package's development.
-* Be clear about what human review you performed on Generative AI outputs before submitting the package to our open peer review process.
+- Disclose LLM use in your README and at the top of relevant modules.
+- Describe how the Generative AI tools were used in your package's development.
+- Be clear about what human review you performed on Generative AI outputs before submitting the package to our open peer review process.
 
 Transparency helps reviewers understand context, trace decisions, and focus their time where it matters most.
 
 ### Human oversight
 
 LLM-assisted code must be **reviewed, edited, and tested by humans** before submission.
 
-* Run your tests and confirm the correctness of the code that you submitted.
-* Check for security and quality issues.
-* Ensure style, readability, and concise docstrings.
-* Explain your review process in your software submission to pyOpenSci.
+- Run your tests and confirm the correctness of the code that you submitted.
+- Check for security and quality issues.
+- Ensure style, readability, and concise docstrings. Depending on the AI tool, generated docstrings can sometimes be overly verbose without adding meaningful understanding.
+- Explain your review process in your software submission to pyOpenSci.
 
-Please **don’t offload vetting of generative AI content to volunteer reviewers**. Arrive with human-reviewed code that you understand, have tested, and can maintain.
+Please **don't offload vetting of generative AI content to volunteer reviewers**. Arrive with human-reviewed code that you understand, have tested, and can maintain. As the submitter, you are accountable for your submission: you take responsibility for the quality, correctness, and provenance of all code in your package, regardless of how it was generated.
 
 ### Watch out for licensing issues.
 
-LLMs are trained on large amounts of open source code; most of that code has licenses that require attribution.
-The problem? LLMs sometimes spit out near-exact copies of that training data, but without any attribution or copyright notices.
+LLMs are trained on large amounts of open source code, and most of that code has licenses that require attribution (including permissive licenses like MIT and BSD-3).
+The problem? LLMs sometimes produce near-exact copies of that training data, but without any attribution or copyright notices. **LLM output does not comply with the license requirements of the input code, even when the input is permissively licensed**, because it fails to provide the required attribution.
 
 Why this matters:
 
-* LLM-generated code may be *substantially similar* to copyrighted training data; sometimes it is identical. Copyright law focuses on how similar your content is compared to the original.
-* You can't trace what content the LLM learned from (the black box problem); this makes due diligence impossible on your part. You might accidentally commit plagiarism or copyright infringement by using LLM output in your code even if you modify it.
-* License conflicts can occur because of both items above. Read on...
+- LLM-generated code may be _substantially similar_ to copyrighted training data; sometimes it is identical. Copyright law focuses on how similar your content is compared to the original.
+- You can't trace what content the LLM learned from (the black box problem); this makes due diligence impossible on your part. You might accidentally commit plagiarism or copyright infringement by using LLM output in your code even if you modify it.
+- License conflicts occur because of both items above. Read on...
 
-When licenses clash, it gets messy. Say your package uses an MIT license (common in scientific Python), but an LLM outputs Apache-2.0 or GPL code—those licenses aren't compatible. You can't just add attribution to fix it. Technically, you'd have to delete everything and rewrite it from scratch to comply with the licensing requirements.
+When licenses clash, it gets particularly messy. Even when licenses are compatible (e.g., MIT-licensed training data and MIT-licensed output), you still have a violation because attribution is missing. With incompatible licenses (say, an LLM outputs GPL code and your package uses MIT), you can't just add attribution to fix it—you'd technically have to delete everything and rewrite it from scratch using clean-room methods to comply with licensing requirements.
 
 The reality of all of this is that you can't eliminate this risk of license infringement or plagiarism with current LLM technology. But you can be more thoughtful about how you use the technology.
 
 **What you can do now:**
 
-* Be aware that when you directly use content developed by an LLM, there will be inherent license conflicts.
-* Understand and transform code that is returned from a LLM: Don't paste LLM outputs directly. Review, edit, and ensure you fully understand what you're using. You can ask the LLM questions to better understand it's outputs. This approach also helps you learn which addresses the education concerns that we raised earlier.
-* **Use LLMs as learning tools**: Ask questions, review outputs critically, then write your own implementation based on understanding. Often the outputs of LLMs are messy or inefficient. Use them to learn, not to copy.
-* Consider [clean-room techniques](https://en.wikipedia.org/wiki/Clean-room_design): Have one person review LLM suggestions for approach; have another person implement from that high-level description
-* **Document your process**: If you plan to submit a Python package for pyOpenSci review, we will ask you about your use of LLM's in your work. Document the use of LLMs in your project's README file and in any modules with LLM outputs have been applied. Confirm that it has been reviewed by a human prior to submitting it to us,  or any other volunteer lead peer review process.
+- Be aware that when you directly use content from an LLM, there will be inherent license conflicts and attribution issues.
+- Understand and transform code returned from an LLM: Don't paste LLM outputs directly. Review, edit, and ensure you fully understand what you're using. You can ask the LLM questions to better understand its outputs. This approach also helps you learn, which addresses the education concerns that we raised earlier.
+- **Use LLMs as learning tools**: Ask questions, review outputs critically, then write your own implementation based on understanding. Often the outputs of LLMs are messy or inefficient. Use them to learn, not to copy.
+- Consider [clean-room techniques](https://en.wikipedia.org/wiki/Clean-room_design): Have one person review LLM suggestions for approach; have another person implement from that high-level description
+- **Document your process**: If you plan to submit a Python package for pyOpenSci review, we will ask you about your use of LLM's in your work. Document the use of LLMs in your project's README file and in any modules with LLM outputs have been applied. Confirm that it has been reviewed by a human prior to submitting it to us, or any other volunteer lead peer review process.
 
 You can't control what's in training data, but you can be thoughtful about how you use these tools.
 
 <div class="notice" markdown="1">
 Examples of how these licensing issues are impacting and stressing our legal systems:
 
-* [GitHub Copilot litication](https://githubcopilotlitigation.com/case-updates.html)
-* [Litigation around text from LLMs](https://arxiv.org/abs/2505.12546)
-* [incompatible licenses](https://dwheeler.com/essays/floss-license-slide.html)
+- [GitHub Copilot litication](https://githubcopilotlitigation.com/case-updates.html)
+- [Litigation around text from LLMs](https://arxiv.org/abs/2505.12546)
+- [incompatible licenses](https://dwheeler.com/essays/floss-license-slide.html)
 </div>
 
 ### Review for bias
 
 Inclusion is part of quality. Treat AI-generated text with the same care as code.
 Given the known biases that can manifest in Generative AI-derived text:
 
-* Review AI-generated text for stereotypes or exclusionary language.
-* Prefer plain, inclusive language.
-* Invite feedback and review from diverse contributors.
+- Review AI-generated text for stereotypes or exclusionary language.
+- Prefer plain, inclusive language.
+- Invite feedback and review from diverse contributors.
 
 ## Things to consider in your development workflows
 
 If you are a maintainer or a contributor, some of the above can apply to your development and contribution process, too.
 Similar to how peer review systems are being taxed, rapid, AI-assisted pull requests and issues can also overwhelm maintainers too. To combat this:
 
-* Open an issue first before submitting a pull request to ensure it's welcome and needed
-* Keep your pull requests small with clear scopes.
-* If you use LLMs, test and edit all of the output before you submit a pull request or issue.
-* Flag AI-assisted sections of any contribution so maintainers know where to look closely.
-* Be responsive to feedback from maintainers, especially when submitting code that is AI-generated.
+- Open an issue first before submitting a pull request to ensure it's welcome and needed
+- Keep your pull requests small with clear scopes.
+- If you use LLMs, test and edit all of the output before you submit a pull request or issue.
+- Flag AI-assisted sections of any contribution so maintainers know where to look closely.
+- Be responsive to feedback from maintainers, especially when submitting code that is AI-generated.
 
 ## Where we go from here