MIME-Version: 1.0
References: 
 <CPYP284MB1221DDF51A8E74C19F07F74EC948A@CPYP284MB1221.BRAP284.PROD.OUTLOOK.COM>
 <202603262322.jvxx26ed3eu5@alvherre.pgsql>
In-Reply-To: <202603262322.jvxx26ed3eu5@alvherre.pgsql>
From: "David G. Johnston" <david.g.johnston@gmail.com>
Date: Thu, 26 Mar 2026 16:54:12 -0700
Message-ID: 
 <CAKFQuwY5RcdcgCbCRBC5g0k9sbNspNbtyRgWAJBJhkb_pfX1RA@mail.gmail.com>
Subject: Re: [PATCH v1] Replace sprintf() with snprintf() in libpq for safety
 Anexo: o arquivo
To: =?UTF-8?Q?=C3=81lvaro_Herrera?= <alvherre@kurilemu.de>
Cc: Thiago Caserta <caserta@movestax.com>,
	"pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Content-Type: multipart/alternative; boundary="0000000000000e621c064df61c56"
Archived-At: 
 <https://www.postgresql.org/message-id/CAKFQuwY5RcdcgCbCRBC5g0k9sbNspNbtyRgWAJBJhkb_pfX1RA%40mail.gmail.com>
Precedence: bulk

--0000000000000e621c064df61c56
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Thu, Mar 26, 2026 at 4:33=E2=80=AFPM =C3=81lvaro Herrera <alvherre@kuril=
emu.de> wrote:

> On 2026-Mar-24, Thiago Caserta wrote:
>
> > Attached is a patch that converts several sprintf() calls to
> > snprintf() in libpq client library code.
>
> I'm not sure we should take a patch with a tag attributing authorship to
> an LLM owned by a commercial entity.


Agreed.  As with a book author, any bad code, decisions, or other mistakes
are solely the fault of the submitting author.  As is the good stuff.
Ideally the author has confirmed it is good (in their own opinion) since
they expect others to do so as well as part of the review and commit
process.

It is in fact a reputational thing for authors to take full ownership of
what they submit.


> Do we really want to be accepting code patches written by tools that
> make the most obvious code worse than before?  I am quite scared of the
> quality of code of medium complexity written by this tool.
>
>
I'd say take this as an opportunity to teach (or not) just as if the author
of patch claimed to write the entire thing without AI assistance.  But it
would definitely be reasonable for a hastily produced patch that doesn't
pass muster to be hastily rejected on such grounds.  We have plenty to
review and if this patch wouldn't have existed without LLM assistance then
unless it sparks the interest in someone to go and clean it up anyway we
are not really any worse off being quick to state that it doesn't meet our
standards.

Otherwise, while there is a patch, maybe just treat it as a simple
suggestion with an example.

David J.

--0000000000000e621c064df61c56
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr"><div class=3D"gmail_default" style=3D"fon=
t-family:arial,helvetica,sans-serif"><span style=3D"font-family:Arial,Helve=
tica,sans-serif">On Thu, Mar 26, 2026 at 4:33=E2=80=AFPM =C3=81lvaro Herrer=
a &lt;<a href=3D"mailto:alvherre@kurilemu.de">alvherre@kurilemu.de</a>&gt; =
wrote:</span></div></div><div class=3D"gmail_quote gmail_quote_container"><=
blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-l=
eft:1px solid rgb(204,204,204);padding-left:1ex">On 2026-Mar-24, Thiago Cas=
erta wrote:<br><br>
&gt; Attached is a patch that converts several sprintf() calls to<br>
&gt; snprintf() in libpq client library code.<br>
<br>
I&#39;m not sure we should take a patch with a tag attributing authorship t=
o<br>
an LLM owned by a commercial entity.</blockquote><div><br></div><div><div c=
lass=3D"gmail_default" style=3D"font-family:arial,helvetica,sans-serif">Agr=
eed.=C2=A0 As with a book author, any bad code, decisions, or other mistake=
s are solely the fault of the submitting author.=C2=A0 As is the good stuff=
.=C2=A0 Ideally the author has confirmed it is good (in their own opinion) =
since they expect others to do so as well as part of the review and commit =
process.</div></div><div class=3D"gmail_default" style=3D"font-family:arial=
,helvetica,sans-serif"><br></div><div class=3D"gmail_default" style=3D"font=
-family:arial,helvetica,sans-serif">It is in fact a reputational thing for =
authors to take full ownership of what they submit.</div><div><br></div><bl=
ockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-lef=
t:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Do we really want to be accepting code patches written by tools that<br>
make the most obvious code worse than before?=C2=A0 I am quite scared of th=
e<br>
quality of code of medium complexity written by this tool.<br><br></blockqu=
ote><div><br></div><div class=3D"gmail_default" style=3D"font-family:arial,=
helvetica,sans-serif">I&#39;d say take this as an opportunity=C2=A0to teach=
 (or not) just as if the author of patch claimed to write the entire thing =
without AI assistance.=C2=A0 But it would definitely be reasonable for a ha=
stily produced patch that doesn&#39;t pass muster to be hastily rejected on=
 such grounds.=C2=A0 We have plenty to review and if this patch wouldn&#39;=
t have existed without LLM assistance then unless it sparks the interest in=
 someone to go and clean it up anyway we are not really any worse off being=
 quick to state that it doesn&#39;t meet our standards.</div><div class=3D"=
gmail_default" style=3D"font-family:arial,helvetica,sans-serif"><br></div><=
div class=3D"gmail_default" style=3D"font-family:arial,helvetica,sans-serif=
">Otherwise, while there is a patch, maybe=C2=A0just treat it as a simple s=
uggestion with an example.</div><div class=3D"gmail_default" style=3D"font-=
family:arial,helvetica,sans-serif"><br></div><div class=3D"gmail_default" s=
tyle=3D"font-family:arial,helvetica,sans-serif">David J.</div><div class=3D=
"gmail_default" style=3D"font-family:arial,helvetica,sans-serif"><br></div>=
</div></div>

--0000000000000e621c064df61c56--