Software Provenance (blog.jsbarretto.com)

An open-source maintainer announced they will start adding “Provenance” and stricter contribution guidance to project READMEs to explicitly assert that the codebase is written, maintained and understood by humans — and to discourage acceptances of changes produced by large language models (LLMs). The notice stresses that while not every line’s origin can be guaranteed, the vast majority of the code was developed without stochastic “intelligence,” and appeals to contributors to only submit changes they personally understand and take responsibility for. The author frames source code as the project’s singular “source of truth,” not an artifact to be outsourced to automated generators, and cites GPLv3 as offering users at least some normative assurance of accountability. This is significant for the AI/ML community because it signals a cultural and operational pushback in open-source projects against unvetted LLM-generated contributions. Practical implications include more stringent review policies, longer onboarding and vetting cycles, potential README provenance tags as metadata, and renewed attention to licensing, reproducibility, security, and maintainability of code. For developers and toolmakers, the move implies demand for provenance-tracking, contribution attestations, and detection tools — and highlights an emerging tension between rapid automation-enabled productivity and human accountability in software engineering.