Am 16.06.2026 um 19:06 hat Christian Borntraeger geschrieben: > Am 29.05.26 um 11:46 schrieb Paolo Bonzini: > > -Exceptions do not remove the need for authors to comply with all other > > -requirements for contribution. In particular, the "Signed-off-by" > > -label in a patch submission is a statement that the author takes > > -responsibility for the entire contents of the patch, including any parts > > -that were generated or assisted by AI tools or other tools. > > +.. code-block:: none > > + > > + AI-used-for: tests, docs > > + AI-used-for: code > > + AI-used-for: code (refactoring) > > + AI-used-for: code (prototype) > > + AI-used-for: research > > + > > +``AI-used-for`` should not be included for "background" usage such as > > +autocomplete or obtaining a pre-review of the patch. > > So what about using AI for security scanning? So how do we want to treat > a patch from a human that is based on an AI report. > And if ok, would we then add something like > > Reported-by: Claude, chatgpt whatever?
I think it's effectively the same as Coverity, which we don't acknowledge with a Reported-by tag, though we often mention it in the commit message text. The same practice would make sense to me here. (Though of course for Coverity, we have the CID, which obviously doesn't exist for things found with a one-off LLM run, so there is some difference there.) Kevin
