Thanks for clarifying that, it wasn't clear to me when I read the
earlier e-mail.
Personally I think the long-term solution is to identify critical code
bases that have a low bus factor before the bad actors do and make a
concentrated community effort to help audit and maintain these code
bases.
Hi,
I hope this is not a stupid suggestion. This is also my first mail here,
so if something does not suit the habits here, please feel free to tell
me, but after reading the whole topic here I did not find this suggestion.
It’s merely a proposition out of my own head, and also something I know
very little about.
---
I read Linus T. speaking about the usage of AI nowadays in the IT field
and stating that it is an awful idea to write code with it (at least for
now)… but not to ask an AI to read the code and try to find security
holes, bad habits, bugs and such this way.
Again, my skill and knowledge about AI, especially nowadays, are very
small. But would it take a lot of work to set up an AI to simply «read»
code to look for undesired stuff? That won’t even modify anything,
merely say: «Ah, found something weird, **here**.» Maybe, properly
configured, it would have detected this social hacking. Maybe not.
Programming is very hard work, especially when it’s about security and
bugs, and I also have very poor programming skills, but since the
whole purpose of a computer and its set of software is to do what a
human could NOT do properly (like being attentive while reading dozens
of hundreds of lines of code…) and automate stuff, it *seems* to
perfectly suit this need.
I guess the process on the Gentoo side, when it comes to "packaging", is
writing a good ebuild that downloads the source code, compressed (and
that is the whole problem here, if I understand), and then unpacks it,
compiles it, etc…
Could an AI reading the code be a step somewhere?
On other distributions I would say it needs to act **before** the package
is made, while building it I guess; for Gentoo I do not know.
But it is not the job of Gentoo’s ebuild writers to check other
projects’ code, that would be nonsense! Right?
I’m curious about what an AI could bring to this subject.
If it’s a stupid suggestion, well, I will keep reading this topic, it is
very interesting. And sorry for the noise.
PS: Thanks for the work behind libre software, open source and, here,
Gentoo. I trust you since I do not have the knowledge to judge the work
properly, but Gentoo is indeed one of the best Linux distributions
available, if not the best in some fields. Don’t let burn-out take you
and keep your real priorities among everything, even Gentoo or libre
software. We are humans, not machines.
Regards,
GASPARD DE RENEFORT Kévin