Next Steps For the Software Heritage Problem

[MSavoritias]

Hello,

Context:

As you may already know there have discussions around Software Heritage
and the LLM model they are collaborating with for a bit now. The model
itself was announced at
https://www.softwareheritage.org/2023/10/19/swh-statement-on-llm-for-code/

As I have started writing some packages I became interested in how I
might actually stop my code from ever reaching Software Heritage or at
the very least said LLM model. Every single package in guix is added
there automatically.

I sent an email on Friday and I got an answer back that such consent
mechanism hasn't been implemented and I was shown the legal terms.
instead what I am supposed to do is:

After guix has my code, my code will be automatically in Software
Heritage and the LLM model. So I am supposed to opt out seperately with
both of them to ensure that my code wont be used for future versions.
This of course means that my code will stay forever in Software
Heritage and the LLM model (or some version of it at least).

The reasoning that was given was that code harvesting happens anyway
and we give an opt-out. I am guessing its opt-out and not opt-in
because they would have less code but this is speculation of course :)

This is against our desire to make it a welcoming space and also
against the spirit of our CoC. Specifically because authors do not know
this happens when they submit packages to Guix. So it is all done
without consent.

Next Steps:

So what can we do as a Guix community from here?
Communication/Writing wise:

1. Add a clear disclaimer/requirment that any new package that is added
in Guix, the person has to give consent or get consent from the person
that the package is written in. This needs to be added in the docs and
in the email procedures.
2. Make a blog post of our stance towards Software Heritage and the
code harvesting they are doing. This post will write in environmental
and ethical grounds why Guix is against this and mention specifically
Software Heritage. This is done to separate and mention that we do not
like what is happening in case anyone comes asking, and hopefully give
public pressure to Software Heritage.
3. Exclude all Software Heritage merch, stands, talks, people in
official capacity, logos, or anything else that participates in social
events of guix and write it in some rules we have. also write in
channel rules that Software Heritage is offtopic same way Non-Free
Software is offtopic.
4. There doesn't seem to be any movement on the side of Guix towards:
- Accountability in an official capacity of SH for the terrible
  handling of the trans name incident and a plan to make it easier in
  the future.
- The LLM problem that was mentioned in this email.
So with that said I urge anybody who has been in contact with them in
an official Guix capacity to come forward, otherwise I can volunteer to
be that. Idk if we have a community outreach thing I need to be in also
for that. (we should if not)

The above make two assumptions:
1. That the Guix community is against LLM/"AI". Which for environmental
and ethical grounds we should be.
2. That we are a consent culture.

Coding Wise this has been talked about before some potential options
are:
- Communicate with Software Heritage to be able to give a "sign" that
the code that is sent should go or not in the code harvesting project.
- Remove all Software Heritage integration since its too hard to be
  ethical about it and built a better solution.

Conclusion:

To summarize from the steps I wrote above, it seems Software Heritage
makes it harder and harder for us to actually be an inclusive,
welcoming space we want to be. Idk what that leaves us, as I said I am
not part of any "insider" discussions. But it seems to not move that
much and its time to start doing actionable things in another direction.

MSavoritias