Re: [gentoo-dev] Current unavoidable use of xz utils in Gentoo

["Kévin GASPARD DE RENEFORT" <kevingaspard@koshie.fr>]

> Thanks for clarifying that, it wasn't clear to me when I read the
> earlier e-mail.
>
> Personally I think the long term solution is to identify critical code
> bases that have a low bus factor before the bad actors do and make a
> concentrated community effort to help audit and maintain these code
> bases.

Hi,

I hope this is not a stupid suggestion, that is also my first mail here 
so if something does not suits habits feel free to tell me please, but 
after reading the whole topic here I did not find this suggestion.

It’s merely a proposition out of my mind, also something I know very 
little about.

---

I read Linus T. speaking about usage of AI nowadays, in the IT field and 
stating that is an awful idea to write code with it (at least, for now)… 
But not to ask an AI to read the code and try to found by this way 
security holes, bad habits, bugs and such.

Again, my skill and knowledge about AI, specially nowadays, is very 
small. But would take it lot of works to sets an AI to simple «read» 
codes to look for undesired stuff ? That won’t even modify anything, 
merely says : «Ah, found something weird, **here**.». Maybe, properly 
configured, it would have detected this social-hacking. Maybe not.

Since programming is a very hard works, specially when it’s about 
security and bug, I also have very poor programing skill, but since the 
whole purpose of a computer and it’s set of software is to do what an 
human could NOT do properly (like being attentives while reading dozens 
of hundreds line of code…) and automate stuff, it *seems* to perfectly 
suits this need.

I guess the process on Gentoo side while it’s about "packaging" is 
writing the good ebuild that download source code, compressed (and that 
is the whole problem here if I understand) and then unpack it, compile 
it, etc…

Could an AI reading the code could be a step somewhere ?

On other distribution I would say it needs to act **before** the package 
is made, while building it I guess, for Gentoo I do not know.

But that is not the job of Gentoo’s ebuild writer to check other 
projects code, that would be a non-sense ! Right ?

I’m curious of what an AI could bring in this subject.

If it’s a stupid suggestion, well, will keep reading this topic, very 
interesting. And sorry for the noise.

PS: Thanks for the works behind libre software, open-source and here, 
Gentoo. I trust you since I do not have knowledge to judge properly the 
works, but Gentoo is indeed one of the best Linux available, if not the 
best in some field. Don’t let burn-out takes you and keep your real 
priority among everything, even Gentoo or libre software. We are humans, 
not machines.

Regards,
GASPARD DE RENEFORT Kévin