Rationale for the CLA update (AI-assisted contributions)
Copyright law in major jurisdictions requires human authorship. Authorities such as the U.S. Copyright Office have made clear that purely machine-generated output is not copyrightable, while AI-assisted works are protected only to the extent that a human exercised creative judgment (e.g. selection, modification, arrangement): https://www.copyright.gov/ai/
Given this, the CLA was updated to:
explicitly allow AI-assisted development, reflecting modern practice; and
exclude fully automated submissions, which would not provide reliable copyright ownership.
The clause deliberately avoids requiring contributors to make false or unverifiable warranties (for example about AI training data or model provenance), which contributors cannot realistically know and which do not meaningfully reduce legal risk. This approach aligns with guidance from open-source legal practitioners, such as Red Hat’s analysis of AI and open source: https://www.redhat.com/en/blog/ai-assisted-development-and-open-source-navigating-legal-issues
Instead, the CLA anchors responsibility where the law recognises it: in the human contributor’s actions and rights. Contributors must confirm that they exercised meaningful creative judgment and that they have the legal right to submit the work, preserving a clean chain of title suitable for dual or proprietary licensing.
How can AI assisted be distinguished from fully automated? To be fully automated would that mean the agent has to complete the entire workflow of submitting a PR without any user interaction, in addition to writing the code change?
There were a couple of recent PRs which I submitted, where the actually code change was written entirely by an AI agent. They were literally 1-5 line code changes so there was nothing I needed to add or remove from the change, but I committed the change myself and created the PR and wrote the description myself.
Would that be considered AI assisted or fully automated?
That's a good question - fully automated would be for example a project where all code is generated without any user intervention at all and no review process.
In those PRs you mentioned, you instructed the AI to make this change, you reviewed it, maybe you asked it to refine the change, etc. Then you decided that it was good enough and submitted it. Then I reviewed it again, and potentially we discussed changes that were applied and so on.
All that is human authorship. As long as a human reviewed, understood, and took responsibility for what was submitted it counts as AI-assisted, not fully automated.
I think what would count as fully automated would be something like a bot that, for example, applies the linter to a PR and automatically commits. The output would not be copyrightable but it doesn't really matter because it's trivial changes.
I think Fedora or Redhat, I forgot where I read this, also ask contributors to disclose if a large part of a PR was created using AI, and maybe we could ask for this too, if only so that we know what to expect when reviewing. Sometimes unexperienced developers create pure AI PRs, which are very low quality, and in that case we could just close it and ask them to do it again, instead of spending a lot of time discussing changes (that they may not even understand themselves).