lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAHk-=wgEPve=BO=SOmgEOd4kv76bSbm0jWFzRzcs4Y7EedpgfA@mail.gmail.com>
Date: Mon, 10 Nov 2025 09:44:00 -0800
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Laurent Pinchart <laurent.pinchart@...asonboard.com>
Cc: Christian Brauner <brauner@...nel.org>, Dave Hansen <dave.hansen@...ux.intel.com>, 
	Vlastimil Babka <vbabka@...e.cz>, linux-kernel@...r.kernel.org, 
	"workflows@...r.kernel.org" <workflows@...r.kernel.org>, 
	"ksummit@...ts.linux.dev" <ksummit@...ts.linux.dev>, Steven Rostedt <rostedt@...dmis.org>, 
	Dan Williams <dan.j.williams@...el.com>, "Theodore Ts'o" <tytso@....edu>, 
	Sasha Levin <sashal@...nel.org>, Jonathan Corbet <corbet@....net>, Kees Cook <kees@...nel.org>, 
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Miguel Ojeda <ojeda@...nel.org>, 
	Shuah Khan <shuah@...nel.org>
Subject: Re: [PATCH] [v2] Documentation: Provide guidelines for tool-generated content

On Mon, 10 Nov 2025 at 09:25, Laurent Pinchart
<laurent.pinchart@...asonboard.com> wrote:
>
> Mechanical transformations are often performed with Coccinelle. Given
> how you mention that tool below, I wouldn't frame it as out of scope
> here.

Honestly, I think the documented rule should not aim to treat AI as
anything special at all, and literally just talk about tooling.

Exactly because we've used things like coccinelle (and much simpler
tools like 'sed', for that matter) for ages.

IOW, this should all be about "tool-assisted patches should be
described as such, and should explain how the tool was used".

If people send in patches that have been generated by tools, we
already ask people to just include the script in the commit message.

I mean, we already have commit messages that say things like

    This is a completely mechanical patch (done with a simple "sed -i"
    statement).

when people do mindless conversions that are so straightforward that
the actual sed patch isn't even documented (in that case is was
something like just

   sed -i 's/__ASSEMBLY__/__ASSEMBLER__/'

or whatever), and in other cases people include the actual script
(random example being commit 96b451d53ae9: "drm/{i915,xe}: convert
i915 and xe display members into pointers").

I think we should treat any AI generated patches similarly: people
should mention the tool it was done with, and the script (ok, the
"scripts" are called "prompts", because AI is so "special") used.

Sure, AI ends up making the result potentially much more subtle, but I
don't think the *issue* is new, and I don't think it should need to be
treated as such.

                 Linus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ