lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20251110145405.5bc87cc5@gandalf.local.home>
Date: Mon, 10 Nov 2025 14:54:05 -0500
From: Steven Rostedt <rostedt@...dmis.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: "H. Peter Anvin" <hpa@...or.com>, Mike Rapoport <rppt@...nel.org>,
 Laurent Pinchart <laurent.pinchart@...asonboard.com>, Christian Brauner
 <brauner@...nel.org>, Dave Hansen <dave.hansen@...ux.intel.com>, Vlastimil
 Babka <vbabka@...e.cz>, linux-kernel@...r.kernel.org,
 "workflows@...r.kernel.org" <workflows@...r.kernel.org>,
 "ksummit@...ts.linux.dev" <ksummit@...ts.linux.dev>, Dan Williams
 <dan.j.williams@...el.com>, "Theodore Ts'o" <tytso@....edu>, Sasha Levin
 <sashal@...nel.org>, Jonathan Corbet <corbet@....net>, Kees Cook
 <kees@...nel.org>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Miguel
 Ojeda <ojeda@...nel.org>, Shuah Khan <shuah@...nel.org>
Subject: Re: [PATCH] [v2] Documentation: Provide guidelines for
 tool-generated content

On Mon, 10 Nov 2025 11:36:00 -0800
Linus Torvalds <torvalds@...ux-foundation.org> wrote:

> What's the copyright difference between artificial intelligence and
> good oldfashioned wetware that isn't documented by "I used this tool
> and these sources".

Probably no difference. I would guess the real liability is for those that
use AI to submit patches. With the usual disclaimers of IANAL, I'm assuming
that when you place your "Signed-off-by", you are stating that you have the
right to submit this code. If it comes down that you did not have the right
to submit the code, the original submitter is liable.

I guess the question also is, is the maintainer that took that patch and
added their SoB also liable?

If it is discovered that the AI tool was using source code that it wasn't
supposed to be using, and then injected code that was pretty much verbatim
to the original source, where it would be a copyright infringement, would
the submitter of the patch be responsible? Would the maintainer?

I guess this would be no different if the submitter saw some code from a
proprietary project and cut and pasted it without understanding they were
not allowed to, and submitted that.

If the lawyers come back and say the onus is on the submitter and not the
maintainer that the code being submitted is legal to be submitted under
copyright law, then I'm perfectly fine in accepting any AI code (as long as
the submitter can prove they understand that code and the code is clean).

But until the lawyers state that explicitly, I can see why maintainers can
be nervous about accepting AI generated code. Perhaps this transparency can
make matters worse. As it can be argued that the maintainer knew it was a
questionable AI that generated the code? (Like it would be if a maintainer
knew the code being submitted was copied from a proprietary project)

This is out of scope of the current patch, as the patch is about
transparency and not AI acceptance.

-- Steve

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ