| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250730173528.GN222315@ZenIV>
Date: Wed, 30 Jul 2025 18:35:28 +0100
From: Al Viro <viro@...iv.linux.org.uk>
To: Sasha Levin <sashal@...nel.org>
Cc: Kees Cook <kees@...nel.org>, corbet@....net, linux-doc@...r.kernel.org,
workflows@...r.kernel.org, josh@...htriplett.org,
konstantin@...uxfoundation.org, linux-kernel@...r.kernel.org,
rostedt@...dmis.org
Subject: Re: [PATCH 2/4] agents: add core development references
On Wed, Jul 30, 2025 at 12:25:41PM -0400, Sasha Levin wrote:
> Critical Requirements:
>
> * License: ALL code MUST be GPL-2.0 only (see COPYING)
> * Signed-off-by: Agents MUST NOT add Signed-off-by tags
> (Only humans can legally certify code submission rights)
> * Attribution: Agents MUST add Co-developed-by tag:
> Co-developed-by: $AGENT_NAME $AGENT_MODEL $AGENT_VERSION
> Examples:
> - Co-developed-by: Claude claude-3-opus-20240229
> - Co-developed-by: GitHub-Copilot GPT-4 v1.0.0
* for any patch there must be some entity capable of usefully
answering questions about that patch. Legal certification
be damned, there must be somebody able to handle active
questioning.
And no, it's not the same as with human submitters. If entity
A sends a patch to maintainer B, who passes it along and gets
questions/feedback regarding that patch, B might have to resort
to passing the questions to A, to confirm their understanding
of the situation. And from what I've seen, LLM tend to do
very badly in such cases.
IOW, defending any agent-originated patch falls entirely upon
the human "co-developer". IMO that is a critical requirement.
Powered by blists - more mailing lists