On 4/11/26 11:41, Collin Funk wrote:
> Alan Coopersmith <[email protected]> writes:
>
> Not directly related to the issues in GNU tar, but one of the reports
> you shared [1]. See the following text:
>
> > I am happy to coordinate on a disclosure timeline. Please let me know
> > if you need additional information or testing.
>
> This is one of many examples I have seen lately of people writing as if
> they were sending private messages on a public list. I assume it is a
> common LLM hallucination?

Yes, we saw it happen on the freetype mailing list as well recently - there it
was suggested that new people are unfamiliar with the concept of a publicly
subscribable/archived mailing list, as they all use web forums / tools instead
of email for collaboration now:
https://lists.nongnu.org/archive/html/freetype-devel/2026-03/msg00020.html
and the freetype.org contacts page was updated to try to clarify where to send
vulnerability reports privately.
I wouldn't be surprised to find out many LLMs don't understand the lists
they're mailing have public archives/subscriptions either.
--
-Alan Coopersmith- [email protected]
Oracle Solaris Engineering - https://blogs.oracle.com/solaris