| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202507241418.34AFD28C@keescook> Date: Thu, 24 Jul 2025 14:20:03 -0700 From: Kees Cook <kees@...nel.org> To: "Dr. David Alan Gilbert" <linux@...blig.org> Cc: Konstantin Ryabitsev <konstantin@...uxfoundation.org>, corbet@....net, workflows@...r.kernel.org, josh@...htriplett.org, linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [RFC PATCH] docs: submitting-patches: (AI?) Tool disclosure tag On Thu, Jul 24, 2025 at 09:12:30PM +0000, Dr. David Alan Gilbert wrote: > * Kees Cook (kees@...nel.org) wrote: > > [...] > > do for Coccinelle or other scripts. It's a bit buried in the Researcher > > Guidelines[1], but we have explicitly asked for details about tooling: > > > > When sending patches produced from research, the commit logs should > > contain at least the following details, so that developers have > > appropriate context for understanding the contribution. > > ... > > Specifically include details about any testing, static or dynamic > > analysis programs, and any other tools or methods used to perform the > > work. > > > > Maybe that needs to be repeated in SubmittingPatches? > > 'produced from research' is narrowing things down a bit too much I think > when it's people using the tools as their normal way of working. Right -- as currently written we have the explicit guideline for "produced from research" and kind of an unwritten rule to detail any complex tools involved for regular development (e.g. Coccinelle, syzkaller, etc). We could generalize the existing statement and repeat it in a better location? -- Kees Cook
Powered by blists - more mailing lists