Redox OS Bans LLM-Generated Code, Requires Certificate of Origin for Contributors

Redox OS, the Rust-based microkernel operating system, updated its CONTRIBUTING.md on March 9, 2026 to ban contributions generated by large language models and require all contributors to sign a Certificate of Origin certifying that submitted code is their original work. The announcement drew 266 comments on Hacker News within a day, with debate centering on enforceability and the broader implications for open-source contribution norms.

The revised CONTRIBUTING.md now includes two hard requirements. Contributors must "sign a Certificate of Origin certifying they have the right to submit the contribution and that it represents their original work." Alongside that, the policy "explicitly prohibits the use of large language models including ChatGPT, Claude, Copilot, and similar tools in generating code contributions." Both requirements apply to all contributions to the project without exception.

The stated rationale behind the policy covers four areas: copyright ambiguity, code quality, legal liability, and software craftsmanship in open-source development. With legal and ethical questions around LLM-generated code still unresolved industry-wide, Redox OS chose to draw a firm line rather than wait for broader consensus to emerge. No enforcement mechanism was described in the policy update, and that gap became a focal point of the Hacker News discussion, where contributors questioned how maintainers could realistically detect AI-generated submissions.

Redox OS occupies a distinctive corner of the Rust ecosystem. Unlike the monolithic Linux kernel, it uses a microkernel architecture where system components run in isolated address spaces. It also departs from the Unix "everything is a file" model in favor of a URL-based resource system inspired by Plan 9, where all resources are addressed through URLs rather than file paths. Written entirely in Rust, the project benefits from the language's memory safety guarantees, sidestepping the class of buffer overflow vulnerabilities that have long plagued C-based operating systems.

The policy puts Redox OS among the first Rust-native projects to formalize an explicit stance against AI-generated contributions. Whether other open-source projects follow suit may depend on how the legal questions around LLM training data and code ownership develop. With those questions still unresolved, the Redox OS policy stands as an early data point in what is likely to become a wider conversation across the open-source world.