lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aILWAELwozskfIgj@gallifrey>
Date: Fri, 25 Jul 2025 00:55:28 +0000
From: "Dr. David Alan Gilbert" <linux@...blig.org>
To: Kees Cook <kees@...nel.org>
Cc: Steven Rostedt <rostedt@...dmis.org>,
	Konstantin Ryabitsev <konstantin@...uxfoundation.org>,
	corbet@....net, workflows@...r.kernel.org, josh@...htriplett.org,
	linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH] docs: submitting-patches: (AI?) Tool disclosure tag

* Kees Cook (kees@...nel.org) wrote:
> On Thu, Jul 24, 2025 at 07:45:56PM -0400, Steven Rostedt wrote:
> > My thought is to treat AI as another developer. If a developer helps you
> > like the AI is helping you, would you give that developer credit for that
> > work? If so, then you should also give credit to the tooling that's helping
> > you.
> > 
> > I suggested adding a new tag to note any tool that has done non-trivial
> > work to produce the patch where you give it credit if it has helped you as
> > much as another developer that you would give credit to.
> 
> We've got tags to choose from already in that case:
> 
> Suggested-by: LLM

For me, 'Suggested-by:' seems fine for where an LLM has
responded to a 'suggest improvements to this function'.

> or
> 
> Co-developed-by: LLM <not@...an.with.legal.standing>
> Signed-off-by: LLM <not@...an.with.legal.standing>
> 
> The latter seems ... not good, as it implies DCO SoB from a thing that
> can't and hasn't acknowledged the DCO.

Yeh, the Co-developed-by:  isn't terrible,  but in both that and the
Suggested-by: is there a standard for how you would refer to the tool?
IMHO it should not have an email address there otherwise it'll confuse tools 
into cc'ing them.

Dave

> 
> -- 
> Kees Cook
> 
-- 
 -----Open up your eyes, open up your mind, open up your code -------   
/ Dr. David Alan Gilbert    |       Running GNU/Linux       | Happy  \ 
\        dave @ treblig.org |                               | In Hex /
 \ _________________________|_____ http://www.treblig.org   |_______/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ