Post B06dps2IOk6m0Lbojg by Kylieeee@mastodon.social
Post #B05SdMuD1NPNKIhcK8 by keepassxc@fosstodon.org
2025-11-09T14:28:49Z
0 likes, 1 repeat
We wrote up a blog post detailing our development and quality assurance workflow. We describe how new contributions are merged into the code base, and we address the change to our policy regarding AI-assisted code submissions and the concerns raised about it. https://keepassxc.org/blog/2025-11-09-about-keepassxcs-code-quality-control/
Post #B05x8EcerflDEs7y7s by timorl@social.wuatek.is
2025-11-09T14:54:44.322066Z
1 like, 0 repeats
@keepassxc I think you misunderstood the “plausible-looking generation” criticism. The issue is not that the LLM is created to purposefully slip changes past reviewers, that would indeed be quite silly. It is trained by optimizing for plausible-looking output – in essence the LLM “tries” to generate code that looks plausibly correct, and such code is correct only inasmuch as code being correct is correlated with code looking correct. In contrast, humans when coding are trying to create correct code, and correctness there is related to how well a given human can generate correct code. The worry is that when a human makes a mistake it has a much higher chance of looking like a mistake, while LLMs are more likely to create correct-looking mistakes, because they are optimized for creating correct-looking output in general. This is what people mean when they say that LLMs will “sneak” mistakes past reviewers, and perhaps a reason to at least have different approaches to reviewing these two kinds of code.

I'm not sure what to think about the change in general; given what I know about LLMs your approach still makes me quite uneasy, but probably not enough to switch to a different password manager. Anyway, just wanted to explain the apparent confusion about this specific argument.

Oh, and since I'm writing to you already – thanks a lot for maintaining KeePassXC, it's on the short list of software that works exactly as I like and I really have no complaints about. :heart_cybre:
Post #B05x8FN650uJYtr3Vg by keepassxc@fosstodon.org
2025-11-09T15:02:35Z
0 likes, 0 repeats
@timorl We had a longer section in the first draft, but decided to shorten it, since there is too much speculation in this argument in the first place and it's a bit beside the point. Text LLMs are designed to appeal to humans (which they do terribly sometimes), but it's not something that a trained individual would fall for. Code LLMs, on the other hand, have different alignment processes to ensure the generation matches a specification. Code isn't optimised to look good, it has to be correct.
Post #B05x8FyJqcgJQLGmWm by Kylieeee@mastodon.social
2025-11-09T15:07:34Z
0 likes, 0 repeats
@keepassxc @timorl I'm just going to be blunt. Get AI out of my encrypted password manager. KeePass has been an extremely invaluable tool to me that I'm increasingly recommending to friends, but I can't trust a black-box algorithm writing the code behind the scenes.

Do better. If you need funding for actual devs, ask, and I'm certain you'll receive it.
Post #B05x8GgHDBqLcfpt2m by keepassxc@fosstodon.org
2025-11-09T15:08:59Z
0 likes, 0 repeats
@Kylieeee @timorl We are not doing anything behind the scenes. It's as transparent as it can be.
Post #B05x8HDFEcDNGvGDQm by ozzelot@mstdn.social
2025-11-10T07:09:04Z
0 likes, 0 repeats
@keepassxc I guess it might be more accurate to say you are using the black box right on the stage, illuminated by a giant spotlight. Yet still it is there, and much of the audience doesn't want to see it in this play at all.

@Kylieeee @timorl
Post #B06dps2IOk6m0Lbojg by Kylieeee@mastodon.social
2025-11-10T15:07:36Z
0 likes, 0 repeats
@ozzelot @keepassxc @timorl I appreciate you taking issue with entirely the wrong thing. It's no secret that FOSS is chronically underfunded. This is why I said to ask for funding (from us) if they need it. KeePass is something the community wants to protect and would stand together if that's what it took.