| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 2 Jul 2023 08:54:28 +1000 (AEST)
From: Finn Thain <fthain@...ux-m68k.org>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
cc: Steven Rostedt <rostedt@...dmis.org>,
tech-board-discuss@...ts.linux-foundation.org,
linux-kernel@...r.kernel.org, linux-doc@...r.kernel.org
Subject: Re: [Tech-board-discuss] Measurement, was Re: [PATCH] Documentation:
Linux Contribution Maturity Model and the wider community
On Sat, 1 Jul 2023, Greg Kroah-Hartman wrote:
> On Sat, Jul 01, 2023 at 11:46:18AM +1000, Finn Thain wrote:
> > BTW. I assume that 'Fixes' tags are already being used to train AI
> > models to locate bugs in existing code. If this could be used to
> > evaluate new patches when posted, it might make the code review
> > process more efficient.
>
> That has been happening for many many years now with papers being
> published about it and many conference presentations. It shouldn't be a
> secret it's been happening and directly helping with stable kernel
> maintenance for a long time.
>
Many years ago it struck me that the deficiencies of checkpatch.pl could
be addressed with coccinelle but I still don't see this happening on the
lists I read.
I see reviewers being spared from having to examine many flawed patches
because the zero-day bot intercepted them and fed them to static
analyzers. But I still don't see coccinelle being used to the same end
i.e. to reduce the burden on reviewers and maintainers.
Has no-one tried it, or did it not work out?
Powered by blists - more mailing lists