1. Patchew
  2. QEMU
  3. [PATCH 0/3] docs/code-provenance: clarify AI exception process
  4. View patch

[PATCH 3/3] docs/code-provenance: AI exceptions are in addition to DCO

Paolo Bonzini posted 3 patches 4 months, 2 weeks ago
[PATCH 3/3] docs/code-provenance: AI exceptions are in addition to DCO
Posted by Paolo Bonzini 4 months, 2 weeks ago 
Using phrasing from https://openinfra.org/legal/ai-policy (with just
"commit" replaced by "submission", because we do not submit changes
as commits but rather emails), clarify that the contributor remains
responsible for its copyright or license status.

[This is not my preferred phrasing.  I would prefer something lighter
like "the "Signed-off-by" label in the contribution gives the author
responsibility".  But for the sake of not reinventing the wheel I am
keeping the exact words from the OpenInfra policy.]

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 docs/devel/code-provenance.rst | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/docs/devel/code-provenance.rst b/docs/devel/code-provenance.rst
index 103e0a97d76..41062f29639 100644
--- a/docs/devel/code-provenance.rst
+++ b/docs/devel/code-provenance.rst
@@ -341,3 +341,9 @@ or more general revisions. This can be done by contacting the qemu-devel
 mailing list with details of a proposed tool, model, usage scenario, etc.
 that is beneficial to QEMU, while still mitigating the legal risks to the
 project.  After discussion, any exception will be listed below.
+
+Exceptions do not remove the need for authors to comply with all other
+requirements for contribution.  In particular, the "Signed-off-by"
+label in a patch submissions is a statement that the author takes
+responsibility for the entire contents of the patch, including any parts
+that were generated or assisted by AI tools or other tools.
-- 
2.51.0
Re: [PATCH 3/3] docs/code-provenance: AI exceptions are in addition to DCO
Posted by Kevin Wolf 4 months, 1 week ago 
Am 22.09.2025 um 17:48 hat Paolo Bonzini geschrieben:
> Using phrasing from https://openinfra.org/legal/ai-policy (with just
> "commit" replaced by "submission", because we do not submit changes
> as commits but rather emails), clarify that the contributor remains
> responsible for its copyright or license status.

I feel here the commit message is clearer than...

> [This is not my preferred phrasing.  I would prefer something lighter
> like "the "Signed-off-by" label in the contribution gives the author
> responsibility".  But for the sake of not reinventing the wheel I am
> keeping the exact words from the OpenInfra policy.]
> 
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
>  docs/devel/code-provenance.rst | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/docs/devel/code-provenance.rst b/docs/devel/code-provenance.rst
> index 103e0a97d76..41062f29639 100644
> --- a/docs/devel/code-provenance.rst
> +++ b/docs/devel/code-provenance.rst
> @@ -341,3 +341,9 @@ or more general revisions. This can be done by contacting the qemu-devel
>  mailing list with details of a proposed tool, model, usage scenario, etc.
>  that is beneficial to QEMU, while still mitigating the legal risks to the
>  project.  After discussion, any exception will be listed below.
> +
> +Exceptions do not remove the need for authors to comply with all other
> +requirements for contribution.  In particular, the "Signed-off-by"
> +label in a patch submissions is a statement that the author takes
> +responsibility for the entire contents of the patch, including any
> parts +that were generated or assisted by AI tools or other tools.

...the actually committed text. We should probably mention "copyright or
license status" explicitly here in some way instead of just a more
generic "responsibility for the entire contents" without referring to
copyright.

Maybe something like "...responsibility for the entire contents of the
patch and in particular its copyright or license status, ..."

Kevin
Re: [PATCH 3/3] docs/code-provenance: AI exceptions are in addition to DCO
Posted by Paolo Bonzini 4 months, 1 week ago 
On 9/29/25 09:54, Kevin Wolf wrote:
> Am 22.09.2025 um 17:48 hat Paolo Bonzini geschrieben:
>> Using phrasing from https://openinfra.org/legal/ai-policy (with just
>> "commit" replaced by "submission", because we do not submit changes
>> as commits but rather emails), clarify that the contributor remains
>> responsible for its copyright or license status.
> 
> I feel here the commit message is clearer than...
>
>> +Exceptions do not remove the need for authors to comply with all other
>> +requirements for contribution.  In particular, the "Signed-off-by"
>> +label in a patch submissions is a statement that the author takes
>> +responsibility for the entire contents of the patch, including any parts
>> +that were generated or assisted by AI tools or other tools.
> 
> ...the actually committed text. We should probably mention "copyright or
> license status" explicitly here in some way instead of just a more
> generic "responsibility for the entire contents" without referring to
> copyright.

It's mentioned earlier, since the responsibility is not limited to 
exceptions: "To satisfy the DCO, the patch contributor has to fully 
understand the copyright and license status of content they are 
contributing to QEMU".  I find this sentence to be already a bit heavy, 
and would prefer not to make it longer.

Paolo

> Maybe something like "...responsibility for the entire contents of the
> patch and in particular its copyright or license status, ..."
Re: [PATCH 3/3] docs/code-provenance: AI exceptions are in addition to DCO
Posted by Kevin Wolf 4 months, 1 week ago 
Am 29.09.2025 um 11:19 hat Paolo Bonzini geschrieben:
> On 9/29/25 09:54, Kevin Wolf wrote:
> > Am 22.09.2025 um 17:48 hat Paolo Bonzini geschrieben:
> > > Using phrasing from https://openinfra.org/legal/ai-policy (with just
> > > "commit" replaced by "submission", because we do not submit changes
> > > as commits but rather emails), clarify that the contributor remains
> > > responsible for its copyright or license status.
> > 
> > I feel here the commit message is clearer than...
> > 
> > > +Exceptions do not remove the need for authors to comply with all other
> > > +requirements for contribution.  In particular, the "Signed-off-by"
> > > +label in a patch submissions is a statement that the author takes
> > > +responsibility for the entire contents of the patch, including any parts
> > > +that were generated or assisted by AI tools or other tools.
> > 
> > ...the actually committed text. We should probably mention "copyright or
> > license status" explicitly here in some way instead of just a more
> > generic "responsibility for the entire contents" without referring to
> > copyright.
> 
> It's mentioned earlier, since the responsibility is not limited to
> exceptions: "To satisfy the DCO, the patch contributor has to fully
> understand the copyright and license status of content they are contributing
> to QEMU".  I find this sentence to be already a bit heavy, and would prefer
> not to make it longer.

Isn't the whole paragraph meant to say that exceptions don't make any of
earlier mentioned requirements go away? So I don't think it would be
redundant in this context, even though of course it would repeat the
requirement just to tell more specifically what it's referring to.

If you don't want to say "copyright or license status" here, referring
to "DCO requirements" would have the same effect (because we do have
the explanation you quoted).

Kevin
Re: [PATCH 3/3] docs/code-provenance: AI exceptions are in addition to DCO
Posted by Paolo Bonzini 4 months, 1 week ago 
On 9/29/25 11:35, Kevin Wolf wrote:
>> It's mentioned earlier, since the responsibility is not limited to
>> exceptions: "To satisfy the DCO, the patch contributor has to fully
>> understand the copyright and license status of content they are contributing
>> to QEMU".  I find this sentence to be already a bit heavy, and would prefer
>> not to make it longer.
> 
> Isn't the whole paragraph meant to say that exceptions don't make any of
> earlier mentioned requirements go away? So I don't think it would be
> redundant in this context, even though of course it would repeat the
> requirement just to tell more specifically what it's referring to.

Even though this section is specifically about generated content
exceptions, requirements are not limited to the DCO.  Of the other
practices in the file, "where an automated manipulation is performed
on code, however, this should be declared in the commit message" is
an important one in this context.  The fourth and more controversial
patch in the RFC included text about providing the prompt and, while
it is premature to have it now, I can imagine this paragraph becoming
a bullet list:

----
Exceptions do not remove the need for authors to comply with all other
requirements for contribution.  In particular:

- the "Signed-off-by" label in a patch submission is a statement
   that the author takes responsibility for the entire contents of
   the patch, including any parts that were generated or assisted by AI
   tools or other tools.

- it is highly encouraged to provide background information such as the
   prompts that were used, and to not mix AI- and human-written code in the
   same commit, as much as possible.
---

Also, for lack of a better place, this sentence about requirements could
even extend to those spelled out by submitting-a-patch.rst.  For example,
"use the QEMU coding style", "split up long patches", "don't include
irrelevant changes", "write a meaningful commit message" all serve as
indicators that contributors have properly reviewed and understood any
generated output.

I like the idea that the concerns are split between the exception process
(assessing risk in general) and regular review (assessing code quality of
specific contributions).

Either way, I agree that there is room for clarifying the policy even further.

Thanks,

Paolo

> If you don't want to say "copyright or license status" here, referring
> to "DCO requirements" would have the same effect (because we do have
> the explanation you quoted).
> 
> Kevin
> 
> 
>
Re: [PATCH 3/3] docs/code-provenance: AI exceptions are in addition to DCO
Posted by Stefan Hajnoczi 4 months, 2 weeks ago 
On Mon, Sep 22, 2025 at 05:48:42PM +0200, Paolo Bonzini wrote:
> Using phrasing from https://openinfra.org/legal/ai-policy (with just
> "commit" replaced by "submission", because we do not submit changes
> as commits but rather emails), clarify that the contributor remains
> responsible for its copyright or license status.
> 
> [This is not my preferred phrasing.  I would prefer something lighter
> like "the "Signed-off-by" label in the contribution gives the author
> responsibility".  But for the sake of not reinventing the wheel I am
> keeping the exact words from the OpenInfra policy.]
> 
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
>  docs/devel/code-provenance.rst | 6 ++++++
>  1 file changed, 6 insertions(+)

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Re: [PATCH 3/3] docs/code-provenance: AI exceptions are in addition to DCO
Posted by Peter Maydell 4 months, 2 weeks ago 
On Mon, 22 Sept 2025 at 16:48, Paolo Bonzini <pbonzini@redhat.com> wrote:
>
> Using phrasing from https://openinfra.org/legal/ai-policy (with just
> "commit" replaced by "submission", because we do not submit changes
> as commits but rather emails), clarify that the contributor remains
> responsible for its copyright or license status.
>
> [This is not my preferred phrasing.  I would prefer something lighter
> like "the "Signed-off-by" label in the contribution gives the author
> responsibility".  But for the sake of not reinventing the wheel I am
> keeping the exact words from the OpenInfra policy.]
>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
>  docs/devel/code-provenance.rst | 6 ++++++
>  1 file changed, 6 insertions(+)
>
> diff --git a/docs/devel/code-provenance.rst b/docs/devel/code-provenance.rst
> index 103e0a97d76..41062f29639 100644
> --- a/docs/devel/code-provenance.rst
> +++ b/docs/devel/code-provenance.rst
> @@ -341,3 +341,9 @@ or more general revisions. This can be done by contacting the qemu-devel
>  mailing list with details of a proposed tool, model, usage scenario, etc.
>  that is beneficial to QEMU, while still mitigating the legal risks to the
>  project.  After discussion, any exception will be listed below.
> +
> +Exceptions do not remove the need for authors to comply with all other
> +requirements for contribution.  In particular, the "Signed-off-by"
> +label in a patch submissions is a statement that the author takes

grammar nit: "submission".

> +responsibility for the entire contents of the patch, including any parts
> +that were generated or assisted by AI tools or other tools.

otherwise
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

thanks
-- PMM

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.