Linux creator Linus Torvalds has said that the Linux kernel's security mailing list has become almost impossible to manage due to an influx of AI-generated bug reports. Many of these reports duplicate issues already filed by other researchers using the same tools. Torvalds mentioned this in his weekly "state of the kernel" post, where he announced the fourth release candidate of Linux 7.1.
"The ongoing flood of AI reports has made the security list nearly unmanageable, with a lot of duplication because different people are finding the same problems with the same tools," Torvalds explained.
He added that maintainers are spending most of their time just forwarding reports to the right people or pointing out that an issue was already fixed weeks or months earlier, often referencing the public discussion.
Why Torvalds Says the Private Security List Is the Wrong Place for AI Bug Reports
Torvalds pointed out that bugs identified by AI are not suitable for discussion on the project's private security mailing list because the same tools used to detect them are available to everyone. He explained that AI-detected bugs are generally not secret, and discussing them privately would be a waste of time for everyone involved.
He also noted that keeping this process private can make the problem of duplicate reports worse, since reviewers cannot see each other's submissions.
How Torvalds Wants Developers to Use AI for Kernel Security
Torvalds clarified that he does not want AI tools to be excluded from kernel development. Instead, he encourages researchers to use these tools more effectively. "If you find a bug using AI tools, chances are someone else has already found it," he wrote. "To add real value, read the documentation, create a patch, and build on what the AI has provided. Avoid simply submitting a report without understanding the issue." He also directed contributors to the project's security documentation, which outlines the expectations for reports.
Maintainers Clash Over the Value of AI-Generated Reports
Torvalds' comments differ from recent remarks by fellow kernel maintainer Greg Kroah-Hartman. In March, Kroah-Hartman told The Register that AI bug reports had shifted from low-quality submissions to genuinely useful contributions.
This disagreement highlights ongoing questions within open-source projects about how to incorporate AI-assisted security research without overwhelming maintainers.
The issue is further underscored by a separate proposal from Nvidia engineer Sasha Levin. Levin suggested a Linux kernel killswitch mechanism to allow administrators to disable vulnerable functions temporarily while waiting for patches. Both points reflect increasing pressure on the kernel security workflow as AI tools become more widely used by external researchers.
The post Linus Torvalds Says AI-Generated Bug Reports Have Made Linux Security Mailing List Unmanageable appeared first on gHacks.
☞ The complete original article by Arthur Kay can be viewed here
