lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LRH.2.00.2508050000580.22517@gjva.wvxbf.pm>
Date: Tue, 5 Aug 2025 00:03:29 +0200 (CEST)
From: Jiri Kosina <kosina@...il.com>
To: Sasha Levin <sashal@...nel.org>
cc: Michal Hocko <mhocko@...e.com>, David Hildenbrand <david@...hat.com>, 
    Greg KH <gregkh@...uxfoundation.org>, Vlastimil Babka <vbabka@...e.cz>, 
    corbet@....net, linux-doc@...r.kernel.org, workflows@...r.kernel.org, 
    josh@...htriplett.org, kees@...nel.org, konstantin@...uxfoundation.org, 
    linux-kernel@...r.kernel.org, rostedt@...dmis.org
Subject: Re: [PATCH 0/4] Add agent coding assistant configuration to Linux
 kernel

On Mon, 4 Aug 2025, Sasha Levin wrote:

> > The above guidance is quite vague. How me as a maintainer should know
> > that whatever AI tool has been used is meeting those two conditions
> 
> In exactly the same way you know that a human contributor didn't copy
> code with an incompatible license.
> 
> Quoting from Documentation/process/5.Posting.rst :
> 
> 	 - Signed-off-by: this is a developer's certification that he or
> 	   she has the right to submit the patch for inclusion into the
> 	   kernel.  It is an agreement to the Developer's Certificate of
> 	   Origin, the full text of which can be found in
> 	   :ref:`Documentation/process/submitting-patches.rst
> 	   <submittingpatches>` Code without a proper signoff cannot be
> 	   merged into the mainline.
> 
> The Signed-off-by tag doesn't mean that a commit was reviewed, it
> doesn't mean that someone tested it, nor does it indicate that the
> person who signed off belives it is correct.
> 
> It only means that the person has legally certified to you what is
> stated in the DCO.

Al made a very important point somewhere earlier in this thread.

The most important (from the code quality POV) thing is -- is there a 
person that understands the patch enough to be able to answer questions 
(coming from some other human -- most likely reviewer/maintainer)?

That's not something that'd be reflected in DCO, but it's very important 
fact for the maintainer's decision process.

-- 
Jiri Kosina
SUSE Labs

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ