Generative AI (GenAI) is playing an increasingly important role in open source software (OSS). Beyond completing code and documentation, GenAI is increasingly involved in issues, pull requests, code reviews, and security reports. Yet cheaper generation does not mean cheaper review, and the resulting maintenance burden has pushed OSS projects to experiment with GenAI-specific rules in contribution guidelines, security policies, and repository instructions, up to and including a total ban on AI-assisted contributions. However, governing GenAI in OSS is far more than a ban-or-not question. The responses remain scattered, with neither a shared governance framework in practice nor a systematic understanding in research. Therefore, in this paper, we conduct a multi-stage analysis of qualitative materials related to GenAI governance retrieved from 67 highly visible OSS projects. Our analysis identifies recurring concerns across contribution workflows, derives three governance orientations, and maps out 12 governance strategies and their implementation patterns. We show that governing GenAI in OSS extends well beyond banning: it requires coordinated responses across accountability, verification, review capacity, code provenance, and platform infrastructure. Overall, our work distills dispersed community practices into a structured overview, providing a conceptual baseline for researchers and a practical reference for maintainers and platform designers.