Message-ID: <1900a96a-62a5-4c84-813b-da654285cd53@koshie.fr>
Date: Mon, 1 Apr 2024 20:51:24 +0200
Subject: Re: [gentoo-dev] Current unavoidable use of xz utils in Gentoo
To: gentoo-dev@lists.gentoo.org
From: Kévin GASPARD DE RENEFORT
In-Reply-To: <20240401092113.7018fbec@Akita>

> Thanks for clarifying that, it wasn't clear to me when I read the
> earlier e-mail.
>
> Personally I think the long term solution is to identify critical code
> bases that have a low bus factor before the bad actors do and make a
> concentrated community effort to help audit and maintain these code
> bases.

Hi,

I hope this is not a stupid suggestion. This is also my first mail here, so if something does not suit the habits here, please feel free to tell me. After reading the whole topic here, I did not find this suggestion. It’s merely a proposition off the top of my head, and also something I know very little about.

---

I read Linus T. speaking about the usage of AI nowadays in the IT field and stating that it is an awful idea to write code with it (at least, for now)… but not to ask an AI to read the code and try to find, in this way, security holes, bad habits, bugs and such.

Again, my skill and knowledge about AI, especially nowadays, is very small. But would it take a lot of work to set up an AI to simply «read» code to look for undesired stuff? That won’t even modify anything, merely say: «Ah, found something weird, **here**.»

Maybe, properly configured, it would have detected this social hacking. Maybe not.

Since programming is very hard work, especially when it’s about security and bugs (I also have very poor programming skills), and since the whole purpose of a computer and its set of software is to do what a human could NOT do properly (like being attentive while reading dozens of hundreds of lines of code…) and to automate stuff, it *seems* to suit this need perfectly.

I guess the process on the Gentoo side, when it’s about "packaging", is writing a good ebuild that downloads the source code, compressed (and that is the whole problem here, if I understand), and then unpacks it, compiles it, etc… Could an AI reading the code be a step somewhere? On other distributions I would say it needs to act **before** the package is made, while building it I guess; for Gentoo I do not know.

But it is not the job of Gentoo’s ebuild writers to check other projects’ code, that would be nonsense! Right?

I’m curious what an AI could bring to this subject. If it’s a stupid suggestion, well, I will keep reading this topic, which is very interesting. And sorry for the noise.

PS: Thanks for the work behind libre software, open source and, here, Gentoo. I trust you since I do not have the knowledge to judge the work properly, but Gentoo is indeed one of the best Linux available, if not the best in some fields. Don’t let burn-out take you, and keep your real priorities above everything, even Gentoo or libre software. We are humans, not machines.

Regards,
GASPARD DE RENEFORT Kévin