orf 4 hours ago

You can only prove that all contributions are pushed by those humans, and you can quite explicitly/clearly not prove that those humans didn't use any AI prior to pushing.

lrvick an hour ago | parent [-]

I absolutely do not care what autocomplete tools someone used. Only that they as humans own and sign what is submitted so it is attached to their very expensive reputations they do not want to lose.

orf an hour ago | parent [-]

That’s great, and I also don’t care. But I think all people are saying is that by most definitions you cannot “prove all contributions to stagex are by humans”.

Or are you saying you can prove that aliens and cats didn’t make them? Because I’m not sure that’s true either.

And once you find out someone has trained their dog to commit something, how exactly do you revoke your trust?

I think if you answer these questions you’ll see pretty quickly why this solution isn’t the silver bullet you think it is.

Edit: stagex looks really, really good

lrvick 4 minutes ago | parent [-]

It is not a silver bullet by itself, but when combined with the other tactics in stagex I believe it gives us a very strong supply chain attack defense.

I cannot prove the tools used, but I can prove multiple humans signed off on code with keys they stake their personal reputations on that I have confirmed they maintain on smartcards.

While nothing involving humans is perfect, I feel it is best effort with existing tools and standards and makes us one of the hardest projects to deploy a successful supply chain attack on today.

Edit: Saw your edit. Thanks!