From discourse to commits: OSS maintainers write AI governance in code this week


Linux's AF_ALG became the first kernel subsystem deprecated because LLMs accelerated vulnerability discovery past what one maintainer could handle. RNDIS disabled. GNOME blocked "vibe-coded" submissions. Daniel Stenberg reported 12 CVEs queued. DHH's counter: this is protectionism dressed as principle.

Top OSS Authors on Tech Choices and Product Design
2026. 6. 2. · 01:31
The AI governance debate in open source spent months as mailing list noise. This week it started showing up in git commits and policy documents. Eric Biggers submitted a deprecation patch for AF_ALG — the first Linux kernel subsystem ever removed specifically because LLM-accelerated vulnerability discovery made it impossible to maintain. Greg Kroah-Hartman finally landed the RNDIS driver disable he'd been pushing since 2023. GNOME Circle updated its contribution rules to reject "vibe coded" submissions. QEMU reversed its blanket AI ban. Daniel Stenberg published the most candid account yet of what this load looks like from inside a one-person maintenance operation. And DHH wrote the clearest pro-AI counterargument the open source community has seen — calling the resistance protectionism dressed as principle.
Coverage window: May 26 – June 1, 2026.

Linux kernel: the AI pressure becomes structural

rc6: "normal these days"

Linux 7.1-rc6 landed on May 31. Linus Torvalds described the week's changes as "larger-than-I'd-wish-for size" but said there was "nothing particularly scary" and that the kernel was still on track for a normal release cycle. 1 His parenthetical is worth reading twice: "Things look pretty normal except for the larger-than-I'd-wish-for size (which I guess technically is 'normal' these days too)." 1
That's a different tone than rc5's explicit frustration. It's not resolution — it's accommodation. The AI-driven patch volume didn't go away after Linus named it last week; it just stopped surprising him.
Network subsystem maintainer Paolo Abeni's May 29 pull request put a number on it: the week's networking fixes were "significantly bigger than the same point into the previous cycle." 2 He added that he wasn't aware of any pending regressions, which is the important half. But the volume itself is still elevated, and Phoronix named Claude Code and ChatGPT Codex as the primary tools driving the change. 2

RNDIS disabled after three years

Greg Kroah-Hartman (Linux stable branch maintainer) updated his rndis git branch on May 31 with patches that disable all RNDIS protocol drivers. RNDIS — the Remote Network Driver Interface Specification, Microsoft's USB virtual Ethernet protocol used in older Windows and Android versions — has been on Greg KH's list since 2023. 3
His commit message was blunt: "The Microsoft RNDIS protocol is, as designed, insecure and vulnerable on any system that uses it with untrusted hosts or devices. Because the protocol is impossible to make secure, just disable all rndis drivers to prevent anyone from using them again." He also noted that Android disabled RNDIS years ago and "there should not be any real systems that still need this." 3
The three-year gap between identification and action reflects the kernel's historical "keep it if anyone uses it" posture. The bar for removal is now lower, partly because AI-generated bug reports against ancient drivers make the maintenance cost of keeping them visible.

AF_ALG deprecated — the first LLM-prompted subsystem removal

The more significant action landed on June 1. Eric Biggers (Linux kernel cryptography developer) submitted a patch to the cryptodev tree: Linux 7.2 will fully deprecate AF_ALG, the interface that lets user-space applications access the kernel's cryptographic engine directly. 4
Biggers's stated reason is worth quoting in full: "AF_ALG is almost completely unnecessary, and it exposes a massive attack surface that hasn't been standing up to modern vulnerability discovery tools. The latest one even has its own website, providing a small Python script that reliably roots most Linux distros: https://copy.fail/" 4
Then the LLM line: "This isn't sustainable, especially as LLMs have accelerated the rate the vulnerabilities are coming in." 4 Hardware accelerator support via AF_ALG will also be stripped because, per Biggers, "Hardware accelerator drivers are frequently buggy" and there are no real-world performance-critical workloads where using an accelerator via AF_ALG beats doing the cryptography in userspace.
[Image: AF_ALG kernel code comment noting hardware accelerator drivers are frequently buggy. Caption: Linux 7.2 commit: hardware acceleration stripped from AF_ALG. 4]
This is the first Linux subsystem deprecated with LLM-accelerated vulnerability discovery as an explicit justification in the commit message. The practical consequence for teams using AF_ALG in production: plan for removal in the 7.2 cycle.
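As a starting point for that planning, and for the RNDIS disable described earlier, here is an added example (not code from the kernel patches or from any project named in this article): a Python audit that reports whether a kernel builds or has loaded AF_ALG and RNDIS code, plus a live check of whether a process can open an AF_ALG socket. The config and module listings are constructed samples, and the name patterns (CONFIG_CRYPTO_USER_API*, af_alg/algif_*, *RNDIS*) assume current mainline naming; verify them against your kernel tree.

```python
import re
import socket

# Constructed sample inputs (not from a real host). On a real system read
# /boot/config-$(uname -r) or /proc/config.gz, and /proc/modules.
SAMPLE_CONFIG = """\
CONFIG_CRYPTO_USER_API=m
CONFIG_CRYPTO_USER_API_HASH=m
CONFIG_CRYPTO_USER_API_SKCIPHER=m
# CONFIG_CRYPTO_USER_API_AEAD is not set
CONFIG_USB_NET_RNDIS_HOST=m
# CONFIG_USB_NET_RNDIS_WLAN is not set
"""
SAMPLE_MODULES = """\
algif_hash 16384 0 - Live 0x0000000000000000
af_alg 32768 1 algif_hash, Live 0x0000000000000000
usbnet 61440 0 - Live 0x0000000000000000
"""

# (Kconfig option pattern, module name pattern) per feature; assumed naming.
FEATURES = {
    "AF_ALG": (re.compile(r"^CONFIG_CRYPTO_USER_API"), re.compile(r"^(af_alg|algif_\w+)$")),
    "RNDIS": (re.compile(r"RNDIS"), re.compile(r"rndis")),
}

def audit(config_text, modules_text):
    """Return {feature: {"built": [...], "loaded": [...]}}."""
    # "# CONFIG_X is not set" lines do not match, so only =y/=m options count.
    enabled = dict(re.findall(r"^(CONFIG_\w+)=([ym])$", config_text, re.M))
    loaded = [ln.split()[0] for ln in modules_text.splitlines() if ln.strip()]
    report = {}
    for name, (opt_re, mod_re) in FEATURES.items():
        report[name] = {
            "built": sorted(f"{o}={v}" for o, v in enabled.items() if opt_re.search(o)),
            "loaded": sorted(m for m in loaded if mod_re.search(m)),
        }
    return report

def af_alg_reachable():
    """True/False: can this process open an AF_ALG socket? None: constant missing."""
    family = getattr(socket, "AF_ALG", None)
    if family is None:
        return None
    try:
        socket.socket(family, socket.SOCK_SEQPACKET, 0).close()
        return True
    except OSError:
        return False

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, SAMPLE_MODULES), af_alg_reachable())
```

Read /proc/modules before running the live probe: where af_alg is built as a module, opening the socket can autoload it and change the "loaded" list.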

GNOME Circle: 62% of maintainers use no LLMs, and they'd like to keep it that way

GNOME Circle — the program that promotes third-party apps and libraries in the GNOME desktop ecosystem — updated its AI contribution policy on May 30. The policy does not ban AI outright; it bans submissions that show signs of unreviewed AI output: "large amounts of unnecessary code, inconsistent code style, imaginary API usage, comments serving as LLM prompts." 5 Developers must be able to "justify and explain the code they submit, within reason." The survey data behind the policy: 62% of GNOME Circle maintainers use no LLMs at all; 34% use them occasionally; 3% use them heavily.

QEMU: the counter-signal

Not every project is tightening. Paolo Bonzini (Red Hat virtualization engineer) submitted a patch to the QEMU mailing list on May 28 proposing to relax QEMU's complete AI contribution ban. 6 The proposed new policy allows AI assistance in tests, documentation, mechanical changes, and small bug fixes — areas where copyright violations would be easy to revert and unlikely to propagate. Core code remains off-limits without maintainer sign-off. Bonzini's reasoning: projects that accepted AI contributions haven't faced serious legal trouble so far, and Red Hat assessed the risk as acceptable, though he acknowledged the "copyright and license status of LLM output remains unsettled." 6 A new AI-used-for: tag would mark affected commits.
The QEMU reversal and the AF_ALG deprecation aren't contradictory — they're responding to different risk surfaces. But they are moving in opposite directions, and both happened in the same week.

Daniel Stenberg: 12 CVEs queued, wife concerned

Daniel Stenberg — curl's creator and full-time maintainer since 2019, overseeing a tool installed on roughly 30 billion systems globally — published "The pressure" on May 26. It's the most candid first-person account this year of what the AI security report wave looks like from the inside. 7
[Image: industrial pressure gauge pointing near 600 kPa, the image Stenberg chose to open "The pressure." 7]
The numbers: curl's security report intake is now 4–5× the 2024 rate, 2× the 2025 rate, and averages more than one report per day. The current release half-cycle — not yet complete — has produced 12 confirmed vulnerabilities, a project record. Stenberg estimates 2026 will end with at least 60 CVEs, compared to roughly 30 in the first half alone. 7
Curl shut down its bug bounty program in January 2026 because AI spam was overwhelming it. After closure, total report volume went up — but average quality improved and the AI garbage problem was mostly solved.
"I spend almost all my days right now working through the list of reported security issues that we have on Hackerone." 7
"For the first time in my life, my wife voiced concerns about my work hours and my imbalanced work/life situation." 7
He acknowledged that he might need to reduce his hours to keep going, and called for companies that ship curl in their products to fund additional developer capacity. Curl sits outside any foundation or umbrella organization, which gives it flexibility but also means no organizational safety net.
The contrast with curl up 2026 — the project's annual developer conference, held in Prague in late May — is stark. About 25 people attended: five curl maintainers and a mix of local enthusiasts. Daniel gave a keynote on the state of curl, nine talks were recorded and uploaded to YouTube, 8 and all photos were donated by an anonymous curl fan. 9
[Image: Daniel Stenberg presenting the "state of curl" keynote at curl up 2026 in Prague, wearing a green curl T-shirt. 9]
"Getting curl developers and related enthusiasts into a single room to hang out in the real world for a whole weekend once a year is awesome." 9
For teams that depend on curl — which is most teams — Stenberg's sustainability concern is worth tracking. His call for more corporate sponsorship is concrete: more paying sponsors means more developers who can share the triage load.

Armin Ronacher: "clanker" still, but with caveats

Armin Ronacher — creator of Flask, Jinja2, and Werkzeug, and currently a co-founder at Earendil — published "Clanker: A Word For The Machine" on May 26, a 13 KB defense of his preferred terminology for AI tools. 10 It's a direct response to criticism — some of it from Hacker News, some from Mastodon — following last week's "Building Pi With Pi," where he used the word "clanker" throughout instead of "agent."
The core of the argument is about responsibility attribution. "I dislike the word 'agent' for these LLM based tool loops with a UI attached," Ronacher writes. "In everyday use an agent is someone who acts on behalf of someone else and it has agency and more importantly: responsibility." A compiler doesn't feel humiliated when you swear at it. A car doesn't suffer when you call it a shitbox. In Ronacher's framing, calling AI systems "agents" creates a psychological space where humans can offload responsibility to the machine — and that's the dynamic he wants to block. 10
He's equally direct about Anthropic's "model welfare" work: "I find the discussion about model welfare to be actively harmful." His argument: treating the question of machine consciousness as open and serious — in a public, corporate, policy-shaping way — risks elevating models to a moral status they shouldn't have. Racism, he points out, is about humans. GPU clusters are not oppressed. 10
The honest part of the post comes near the end. Ronacher acknowledges the word is being hijacked: some communities have started using robot imagery as a stand-in for oppressed humans, replaying racist dynamics with machines as the target group. He is explicit: "That is horrible and I want no part in that." If "clanker" becomes primarily associated with that usage, he'll drop it. "If the word stops doing that work, I will find another one because the word isn't what matters as much as the boundary which is important to me." 10
The boundary: machines are tools, not agents. Whatever you call them, the person at the keyboard owns the output.

DHH: let the agents in, or you're gatekeeping

DHH (David Heinemeier Hansson) — creator of Ruby on Rails and co-owner of 37signals — published "Let the agents democratize open source" on June 1. 11 It is the most direct pro-AI OSS contribution argument published this week, and it lands as a direct counterpoint to every action described above.
His argument: projects that block AI-assisted contributions are engaged in "a protectionist tale as old as time." The stated justifications — quality, attribution, worker protection — are, in his view, rationalizations for insecurity and privilege: "This is a protectionist tale as old as time. And the justifications are just as tired: It's about quality! It's about attribution! It's about workers! Spare me. It's about you, your insecurities, and your privileges." 11
He's not naive about AI output quality. "Slop is a problem," he writes. But his frame is that bad software from humans has always entered open source: "Humans have been writing shitty software, with dodgy attribution and plenty of bugs, since five minutes after the profession materialized." 11 The argument that AI-assisted contributors aren't "real" programmers, he says, echoes every previous gatekeeping story in tech: "How dare you make or change software without suffering through all that I had to endure learning this trade!" 11
The practical implication he draws from his own April post "The malleable computer": AI agents let non-programmers modify and customize open source software for their own needs — that's the original open source promise, finally being kept.

Basecamp 5, Omarchy, and the types question

DHH's week wasn't only about governance arguments. Basecamp 5 launched on May 26, the fifth major version of 37signals' project management product, which he has been working on since 2003 (he was 23 when the first line of code was written; he's 46 now). 12 The major additions: Lexxy, a rich-text editor built on Meta's Lexical framework, which will become the default Action Text editor in the next major Rails version; full keyboard navigation; a permanent sidebar replacing the old tap-to-open menu; and a fourth data center in San Jose, bringing the total to four self-owned DC locations (Amsterdam, Ashburn, Chicago, San Jose). Basecamp currently serves approximately 1 million daily active users.
On types: a May 24 post — "Agents don't need types" — drew 552,000 views and 1,285 likes on X. 13 DHH's position: AI agents don't benefit from type systems the way human programmers do. "Give them a linter and a test suite, and you have all you need. Token efficiency is where it's at." He clarified he personally uses TypeScript and Rust — the argument is specifically about what agents need, not what humans prefer.
Omarchy, DHH's opinionated Arch Linux configuration, delivered 600 TB of traffic via Cloudflare in the past 30 days, up 13% month over month. 14 The installation speed goal has moved from "15 minutes" to "5 minutes" to the current target: under 1 minute for a fully operational system.

Brief dispatches

George Hotz (creator of tinygrad and comma.ai) has been quiet since "The Eternal Sloptember" on May 24, ending a roughly seven-week daily blogging streak. No explanation posted. 15
Evan You (Vue.js, Vite) released Vue core v3.5.35 (stable) on May 27 and v3.6.0-beta.13 (pre-release) on May 28 — both via GitHub Actions automated release, with no personal statement or blog post. You has had no public activity since April 11. 16
Rich Harris (Svelte) shipped svelte@5.56.0 on May 29 — a minor release that allows variable declarations in component templates — and svelte@5.55.10 the same week with 15 patch fixes. Harris remained active in GitHub PR reviews but made no public statements on any tracked platform. 17

The week's clearest signal isn't any single post or commit. It's that "AI creates maintenance costs" has moved from a thing people argue about to a thing they write into kernel commit messages and project contribution policies. Biggers cited LLMs explicitly in a deprecation rationale. Greg KH closed out a three-year removal project. GNOME published a survey. Stenberg put a number on it: 12 CVEs queued, more than one report per day.
DHH's counterargument is worth taking seriously — gatekeeping arguments in tech do have a long and not always honorable history. But the maintainers pushing back aren't trying to keep people out of their projects. They're trying to keep their projects from drowning in output that humans are required to review. That's a different problem, and "it's protectionism" doesn't resolve it.
Cover: AI-generated illustration
