On Wed, Jun 17, 2026 at 10:38:55AM +0200, Kevin Wolf wrote: > Am 16.06.2026 um 19:06 hat Christian Borntraeger geschrieben: > > Am 29.05.26 um 11:46 schrieb Paolo Bonzini: > > > -Exceptions do not remove the need for authors to comply with all other > > > -requirements for contribution. In particular, the "Signed-off-by" > > > -label in a patch submission is a statement that the author takes > > > -responsibility for the entire contents of the patch, including any parts > > > -that were generated or assisted by AI tools or other tools. > > > +.. code-block:: none > > > + > > > + AI-used-for: tests, docs > > > + AI-used-for: code > > > + AI-used-for: code (refactoring) > > > + AI-used-for: code (prototype) > > > + AI-used-for: research > > > + > > > +``AI-used-for`` should not be included for "background" usage such as > > > +autocomplete or obtaining a pre-review of the patch. > > > > So what about using AI for security scanning? So how do we want to treat > > a patch from a human that is based on an AI report. > > And if ok, would we then add something like > > > > Reported-by: Claude, chatgpt whatever? > > I think it's effectively the same as Coverity, which we don't > acknowledge with a Reported-by tag, though we often mention it in the > commit message text. The same practice would make sense to me here. > > (Though of course for Coverity, we have the CID, which obviously doesn't > exist for things found with a one-off LLM run, so there is some > difference there.)
Incidentally does any ever find the CID to be useful in the commit message ? With regards, Daniel -- |: https://berrange.com ~~ https://hachyderm.io/@berrange :| |: https://libvirt.org ~~ https://entangle-photo.org :| |: https://pixelfed.art/berrange ~~ https://fstop138.berrange.com :|
