LLM generated code in free software is a potential landmine. The copyright of such code is an open question, and any current answer to that question risks changing at some point in the future.

This is a particular problem for git-annex since future proofing is an important aspect of its design.

So, git-annex does not contain code generated by LLMs and guarantees it will never do so.

However, libraries and other things that git-annex depends on do not generally have such guarantees. Although it would be very much appreciated if they did.

git-annex currently supports being built with versions of dependencies that pre-date any introduction of LLM generated code. To do so, turn on the NoLLMDependencies build flag. When building with stack, use stack-NoLLMDependencies.yaml. (It is not currently built that way by default, but such builds are welcome.)

Unfortunately, it's not possible to guarantee that will continue to work in new versions of git-annex. That's the goal, but it may become untenable. See below for details about possible future problems with specific dependencies.

Note that if a security hole is only fixed by a newer version of a dependency, the NoLLMDependencies build flag will still build with the older, insecure version.

Additional work needs to be done on an ongoing basis to review git-annex's dependencies to detect the addition of LLM generated code.

Help with finding these is welcome. Please edit this page and/or file bug reports on git-annex if it cannot be built without LLM generated code.

known dependencies that contain LLM generated code

ghc

This commit is probably the first, and will be released in the upcoming ghc 9.15.

git-annex remains buildable with older versions of ghc back to 9.6.6.

This will probably prevent git-annex from taking advantage of most new improvements to the Haskell language going forward. That is deeply unfortunate. This is the main reason why git-annex is not guaranteed to never change to depend on LLM generated code, because cutting it off from all future Haskell language improvements may be worse than the alternative.

ram and its reverse dependencies

ram since 0.21.0.

Note particularly large LLM generated code churn with apparently broken (how?) changes in 0.21.0 being reverted in 0.21.1.

Rather than use ram, git-annex continues to use the unmaintained memory that ram was forked from.

But ram is an dependency of other dependencies, and these in particular depend on 0.21.0 or newer:

  • crypton since 1.1.0
  • tls since 2.3.1

Reverse dependencies of ram

The NoLLMDependencies build flag depends on an older version of ram in order to prevent such dependencies using the newer version.

persistent

persistent since 2.15.0.0

First LLM generated code

git-annex supports being built with older versions.

yesod

yesod since 1.7.0.0

First LLM generated code

LLM generated commit with a 1489 line commit message and 10,000+ lines of changes.

(See ditch yesod)

Cabal

First LLM generated code

Cabal is needed to build git-annex, but is not linked into it. There is a risk that a new version of Cabal could need changes to git-annex.cabal that prevent an old version building it.

git

Since 2.53

First LLM generated code

git-annex supports git back to 2.22.