Totally get the concern about the risks of future litigation.
We clearly have vanishingly low invocation of the existing policy though, at least for the OpenStack codebases.
Now that could be due to one of several reasons, including:
(a) very low genAI tool usage among our contributors
or:
(b) widespread non-observance of the policy's requirements
IMO both are bad outcomes for the community, since (a) cuts us off from the productivity gains accruing from using these tools, whereas (b) cuts us off from the future risk mitigation of clearly marked AI-assisted contributions.
FWIW I suspect that the current wording of the policy could be a factor in either (a) or (b). and that a simplified, lightweight policy is more likely to be widely understood and observed.
Cheers,
Eoghan