lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250805092907.114eeb23@gandalf.local.home>
Date: Tue, 5 Aug 2025 09:29:07 -0400
From: Steven Rostedt <rostedt@...dmis.org>
To: Laurent Pinchart <laurent.pinchart@...asonboard.com>
Cc: Sasha Levin <sashal@...nel.org>, dan.j.williams@...el.com, Jiri Kosina
 <kosina@...il.com>, Michal Hocko <mhocko@...e.com>, David Hildenbrand
 <david@...hat.com>, Greg KH <gregkh@...uxfoundation.org>, Vlastimil Babka
 <vbabka@...e.cz>, corbet@....net, linux-doc@...r.kernel.org,
 workflows@...r.kernel.org, josh@...htriplett.org, kees@...nel.org,
 konstantin@...uxfoundation.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 0/4] Add agent coding assistant configuration to Linux
 kernel

On Tue, 5 Aug 2025 02:39:06 +0300
Laurent Pinchart <laurent.pinchart@...asonboard.com> wrote:

> > >
> > >"Be prepared to declare a confidence interval in every detail of a patch
> > >series, especially any AI generated pieces."  

Honestly, I think we need to state that.

> > 
> > Something along the lines of a Social Credit system for the humans
> > behind the keyboard? :)
> > 
> > Do we want to get there? Do we not?  
> 
> Don't we have one already ? I'm pretty sure every maintainer keeps a
> mental list of trust scores, and uses them when reviewing patches.
> Patch submitter who doesn't perform due diligence usually lose points,
> especially if the offences occur repeatedly (newcomers often get a few
> free passes thanks to their inexperience and the benefit of the doubt,
> at least with most maintainers). 
> 
> LLMs increase the scale of the problem, and also makes it easier to fake
> due diligence. I believe it's important to make it very clear to
> contributors that they will suffer consequences if they don't hold up to
> the standards we expect.

My question is, do we want to document expectations of a patch being
submitted. It's been a while since I fully read SubmittingPatches (so much
so, I last read it when it was called that!). Maybe it's already in there.

If not, perhaps we need to update the document with the idea that people
will now be using AI more often to help them do their work. That's still
not an excuse to not understand the code that is being submitted.

-- Steve

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ