The closer I look, the more depressed I get.

First of all, the entire thing feels off. Quoting one commenter:

So this seems to be some kind of universal package manager where most of the content is AI generated and it’s all tied into some kind of reverse bug bounty thing that also has crypto built in for some reason? I feel like we need a new OSS license that excludes stuff like this. Imagine AI-generated curl | bash installers 🤮

The bug bounty thing in question apparently being tea.xyz. From what I can tell, the only things actually being AI-generated are descriptions and logos for packages as an experimental web frontend for the registry, not package contents nor build/distribution instructions (thank god).

Apparently pkgx (the package manager in question) is being built by the person who created brew. I leave it up to the reader’s sensibilities to decide whether this is a good or bad omen for the project itself.

Now we get to the actual sneer-worthy content (in my view): the comments given by a certain user for whom it seems PKGX is the best thing since sliced bread, and that any criticism of using AI for the project’s hosted content is just and who thinks we should all change our preferences and habits to accommodate this

PKGX didn’t (and still doesn’t) have a description and icon/logo field. However, from the beginning (since when it was tea), it had a large number of packages (more than 1200 now). So, it would have been hard to write descriptions and add images to every single package. There’s more than just adding packages to the pantry. PKGX Pantry is, unlike most registries, a fully-automated one. But upstreams often change their build methods, or do things that break packaging. So, some areas like a webpage for all packages get left out (it was added a lot later). Now, it needed images and descriptions. Updating descriptions and images for every single package wouldn’t be that good. So, AI-based image and description generation might be the easiest and probably also the best for everyone approach. Additionally, the hard work of developers working on this project and every Open-Source project should be appreciated.

I got whiplash from the speed at which they pivot from arguing “it would have been hard for a human to write all these descriptions” to “the hard work of developers working on this project […] should be appreciated”. So it’s “hard” work that justifies letting people deal with spicy autocomplete in the product itself, but less hard than copying the descriptions that many of these projects make publicly available regardless??? Not to mention the packaged software probably has some descriptions that took time and effort to make, that this thing just disregards in favor of having Stochastic Polly guess what flavor of cracker it’s about to feed you.

When others push back against AI-anything being so heavily involved in this package registry project, we get the next pearl of wisdom (emphasis mine):

But personally I think, a combination of both AI and human would be the best. Instead of AI directly writing, we can maybe make it do PR (for which, we’ll need to add a description field). The PR can be reviewed. And if it’s not correct, can also be corrected. That’s just my opinion.

Surely the task of reviewing something written by an AI that can’t be blindly trusted, a task that basically requires you to know what said AI is “supposed” to write in the first place to be able to trust its output, is bound to always be simpler and result in better work than if you sat down and wrote the thing yourself.

Icing on the cake, the displayed profile name for the above comment’s author is rustdevbtw. Truly hitting as many of the “tech shitshow” bingo squares as we can! (no shade intended towards rust itself, I really like the language, I just think playing into cliques like this is not great).

My original post title was going to be something a bit more sensational like “Bored of dealing with actual human package maintainers? Want to get in on that AI craze? Use an LLM to generate descriptions for curl-piped-to-bash installations scraped from the web!” but in doing my due diligence I see the actual repo owner/maintainer shows up and is infinitely more reassuring with their comments, and imo shows a good level of responsibility in cleaning up the mess that spawned from this comments section on that github issue.

  • corbin@awful.systems
    9 months ago

    Microsoft is legendary for this. In fact, I’ll give you Microsoft’s entire business recipe; it’s not secret:

    • Dogfood all products
    • Maintain backwards compatibility at all costs
    • Have at least a decade’s worth of liquid operating funds in the bank at all times