It's eminently actionable -- the Django maintainers can decide their sensitivity/tolerance for false positives and operate from there. That's what every other open source project is doing.

(Again, I must emphasize that this is not telling people to not use LLMs, any more than telling people to wear a seatbelt would somehow be telling them to not drive a car.)