From: James Le Cuirot <chewi@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Current unavoidable use of xz utils in Gentoo
Date: Mon, 01 Apr 2024 21:07:27 +0100
Message-ID: <8a9b2e511539d9aec1d16b34cadc6d9a17a5a9a5.camel@gentoo.org>
In-Reply-To: <1900a96a-62a5-4c84-813b-da654285cd53@koshie.fr>
On Mon, 2024-04-01 at 20:51 +0200, Kévin GASPARD DE RENEFORT wrote:
> > Thanks for clarifying that, it wasn't clear to me when I read the
> > earlier e-mail.
> >
> > Personally I think the long term solution is to identify critical code
> > bases that have a low bus factor before the bad actors do and make a
> > concentrated community effort to help audit and maintain these code
> > bases.
>
> Hi,
>
> I hope this is not a stupid suggestion. This is also my first mail here,
> so if something does not suit the habits here, please feel free to tell
> me, but after reading the whole topic here I did not find this suggestion.
>
> It’s merely a proposition out of my mind, also something I know very
> little about.
>
> ---
>
> I read Linus T. speaking about the usage of AI nowadays in the IT field and
> stating that it is an awful idea to write code with it (at least, for now)…
> But not to ask an AI to read the code and try to find, in this way,
> security holes, bad habits, bugs and such.
>
> Again, my skill and knowledge about AI, especially nowadays, are very
> small. But would it take a lot of work to set up an AI to simply «read»
> code to look for undesired stuff? That won’t even modify anything,
> merely say: «Ah, found something weird, **here**.». Maybe, properly
> configured, it would have detected this social-hacking. Maybe not.
>
> Since programming is very hard work, especially when it’s about
> security and bugs, I also have very poor programming skill, but since the
> whole purpose of a computer and its set of software is to do what a
> human could NOT do properly (like being attentive while reading dozens
> of hundreds of lines of code…) and automate stuff, it *seems* to perfectly
> suit this need.
>
> I guess the process on the Gentoo side, when it’s about "packaging", is
> writing a good ebuild that downloads the source code, compressed (and that
> is the whole problem here if I understand), and then unpacks it, compiles
> it, etc…
>
> Could an AI reading the code be a step somewhere?
>
> On other distributions I would say it needs to act **before** the package
> is made, while building it I guess; for Gentoo I do not know.
>
> But it is not the job of Gentoo’s ebuild writers to check other
> projects’ code, that would be nonsense! Right?
>
> I’m curious about what an AI could bring to this subject.
>
> If it’s a stupid suggestion, well, I will keep reading this topic, very
> interesting. And sorry for the noise.
>
> PS: Thanks for the work behind libre software, open-source and here,
> Gentoo. I trust you since I do not have the knowledge to properly judge the
> work, but Gentoo is indeed one of the best Linux available, if not the
> best in some fields. Don’t let burn-out take you and keep your real
> priority among everything, even Gentoo or libre software. We are humans,
> not machines.
>
> Regards,
> GASPARD DE RENEFORT Kévin

That's not stupid at all, I'd been thinking exactly the same thing. I raised
this whole issue during a discussion at FOSDEM 2019, where I admitted that I
didn't check the code changes for packages I was bumping, knowing that few to
none of the other people in the room did so either. Despite speaking up then,
I still didn't do it because it's a heavy burden and I'm not paid to do it.
Now I'm thinking I really should, but I could really use some help. I'll raise
this idea at work. You could say that we specialise in these things. :)

Regards,
Chewi