AI policies
Nicola Tuveri
Public
Seen by 23
Other communities within our platform have been discussing about drafting AI policies for OpenSSL to adopt. [0]
This effort is likely to cover at least 2 areas:
What do we consider the best practices and what do we reject, when it comes to using generative AI tools for contributing to the project (be it code contributions and the provenance aspects of non-trivial code, discovering and reporting issues and security defects, and any other use)
What does the project promise to its users when it comes to responsible use of generative AI tools for its processes and activities.
Recently Fedora has been exploring this space as well [1], and I would like to ask the members of the academics community to express their views, concerns, recommendations, and any feedback related to these topics.
[0]: https://openssl-communities.org/d/oKBU196a/should-openssl-have-an-ai-policy-
Keith Takunda Chatsauka · Thu 23 Oct 2025 6:57AM
I will post more in-depth comments later on, but as I am privileged enough to be a lawyer and technologist, I suggest that we should invest some time and effort into establishing our own internal A.I contributions policy, with clearly defined procedure on how to use A.I in an ethical manner when contributing to our existing code base. As I am working on a similar policy for South African Universities to use in the Quantum Technology initiative, I will provide lessons gleaned from that process as input for our own policy drafting procedure, so we do not have to re-invent the wheel, and we can avoid some of the problematic areas already arising from that complicated undertaking. I will post more concrete recommendations in the coming days and weeks.