Our company has a similar policy as the Linux Kernel project. Full disclosure in commit messages, and the author (human) of the commit takes full responsibility. https://docs.kernel.org/process/coding-assistants.html It's probably a good time the FPC team to get a policy in place too. G.