Why is Copilot so bad?
Why is Copilot so bad?
Posted Jul 5, 2022 15:58 UTC (Tue) by anselm (subscriber, #2796)In reply to: Why is Copilot so bad? by nye
Parent article: Software Freedom Conservancy: Give Up GitHub: The Time Has Come!
> These include rigorous testing, *IP scanning*, and checking for security vulnerabilities (emphasis mine)
In other words, they want us to perform the due diligence that they're not prepared to do themselves. This does not detract from the fact that they're misleading Copilot users about the copyright status of the code that Copilot emits, so they're potentially violating licenses such as the GPL or BSD license which stipulate that code covered by them can only be passed on if the license grant is also passed on.
Posted Jul 6, 2022 11:17 UTC (Wed)
by nye (subscriber, #51576)
[Link] (4 responses)
That directly contradicts the part of my comment that you quoted! Where are you getting this? Why do you think that you can tell such blatant lies and not get called out? I'm... well actually I'm just speechless at this point. I guess there's not much point continuing any further.
Posted Jul 6, 2022 13:12 UTC (Wed)
by anselm (subscriber, #2796)
[Link] (3 responses)
From what I've seen, Copilot does not annotate its suggestions with information about the status of the material it derives these suggestions from. That is, Copilot is “misleading” recipients of code snippets about their copyright status by not saying anything about their copyright status at all and instead requiring the recipients to figure out for themselves if the snippets are copyrighted (and if so, under what license, if any, they may be used). This may be justified from Github's/Microsoft's POV because many of the suggestions Copilot makes may be too trivial or too much like very obvious boilerplate to qualify for copyright protection in the first place, but there is no guarantee for that. Accidentally including, e.g., GPL material from Copilot output into their own non-GPL projects is a risk that Copilot users need to deal with somehow.
Nobody would have a problem with Copilot if Copilot said, where appropriate, “This code snippet derives from code licensed under the GPL”, because anyone receiving such a code snippet could then decide for themselves whether they wanted to accept it on those terms and act accordingly. (It would depend on the nature of the snippet in question whether this is an actual problem; e.g., three lines of schematic boilerplate from a GPL project are probably fairly innocuous to take over even for non-GPL code, but a nontrivial piece of nonobvious code might be more of an issue.) It would certainly suggest more effectively that the Copilot project is acting in good faith than simply sticking one's head in the sand.
Posted Jul 6, 2022 20:00 UTC (Wed)
by NYKevin (subscriber, #129325)
[Link] (2 responses)
The whole "we'll tell you if your code looks similar to input data" thing is a search engine layered on top of Copilot, but that's really only going to be useful for very close matches. It doesn't have the smarts to say "well, this actually came from codebase X, even though it looks completely different to X."
Posted Jul 7, 2022 7:26 UTC (Thu)
by nim-nim (subscriber, #34454)
[Link] (1 responses)
Posted Jul 7, 2022 17:34 UTC (Thu)
by NYKevin (subscriber, #129325)
[Link]
Why is Copilot so bad?
Why is Copilot so bad?
Why is Copilot so bad?
Why is Copilot so bad?
Why is Copilot so bad?