sweng

There is no general copyright issue with AIs. It completely depends on the training material (if even then), so it's not possible to make blanket statements like that. Banning technology, because a particular implementation is problematic, makes no sense.

I'm confused why you think it would be anything else, and why you are so dead set on this. Repos include a signing key. There is an option to skip signature checking. And you think that signature checking is not used during downloads, despite this?

Ok, here are a few issues related to signatures being checked by default, when downloading: https://github.com/flatpak/flatpak/issues/4836 https://github.com/flatpak/flatpak/issues/5657 https://github.com/flatpak/flatpak/issues/3769 https://github.com/flatpak/flatpak/issues/5246 https://askubuntu.com/questions/1433512/flatpak-cant-check-signature-public-key-not-found https://stackoverflow.com/questions/70839691/flatpak-not-working-apparently-gpg-issue

Flatpak repos are signed and the signature is checked when downloading.

It's OK to be wrong. Dying on this hill seems pretty weird to me.

From the page:

It is recommended that OSTree repositories are verified using GPG whenever they are used. However, if you want to disable GPG verification, the --no-gpg-verify option can be used when a remote is added.

That is talking about downloading as well. Yes, you can turn it off, but so can you usually do it with native package managers, e.g. pacman: https://wiki.archlinux.org/title/Pacman/Package_signing

That doesn't seem to be true? https://flatpak-testing.readthedocs.io/en/latest/distributing-applications.html#gpg-signatures

In what way don't they "securely download" ?

Do you hapen to know where? Searching seems to give no results.

In theory, if you have the inputs, you have reproducible outputs, modulo perhaps some small deviations due to non-deterministic parallelism. But if those effects are large enough to make your model perform differently you already have big issues, no different than if a piece of software performs differently each time it is compiled.

The analogy works perfectly well. It does not matter how common it is. Pstching binaries is very hard compared to e.g. LoRA. But it is still essentially the same thing, making a derivative work by modifying parts of the original.

I don't see your point? What is the "source" for Mona Lisa I would use? For LLMs I could reproduce them given the original inputs.

Creating those inputs may be an art, but so could any piece of code. No one claims that code being elegant disqualifies it from being open source.

How is that different then e.g. patching a closed-sourced binary? There are plenty of community patches to old games to e.g. make them work on newer hardware. Architectural independence seems irrelevant, it's no different than e.g Java bytecode.

It would depend on the format what is counted as source, and what isn't.

You can create a picture by hand, using no input data.

I challenge you to do the same for model weights. If you truly just sit down and type away numbers in a file, then yes, the model would have no further source. But that is not something that can be done in practice.

"Open source" and "source available" are different things. See e.g. https://opensource.org/osd and https://opensource.com/article/18/2/coining-term-open-source-software