lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <202507251356.4396F1F@keescook>
Date: Fri, 25 Jul 2025 14:03:24 -0700
From: Kees Cook <kees@...nel.org>
To: Steven Rostedt <rostedt@...dmis.org>
Cc: Jakub Kicinski <kuba@...nel.org>, Sasha Levin <sashal@...nel.org>,
	workflows@...r.kernel.org, linux-doc@...r.kernel.org,
	linux-kernel@...r.kernel.org, konstantin@...uxfoundation.org,
	corbet@....net, josh@...htriplett.org
Subject: Re: [RFC 0/2] Add AI coding assistant configuration to Linux kernel

On Fri, Jul 25, 2025 at 03:00:46PM -0400, Steven Rostedt wrote:
> Also, I would argue that it would be useful in the change log as if there's
> a bug in the generated code, you know who or *what* to blame. Especially if
> there is a pattern to be found.

Yeah, this is where I feel like it's the most potentially useful. Since
they are distinctly code-generators, we should include the info to
identify it. We include version numbers and such the compilers and
linkers, though they are only informally included in commit logs when
dealing with specific problems.

Having had to do "find all commits from [set of authors]" research for
security audits, I would be very unhappy if I had to do this again in
the future for a specific Agent (used any author), and had to loop lore
into the process. Yes, it's *doable*, but it'd be very annoying.

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ