Bug#1109121: rsyslog: tainted by “AI”

2025-07-12 Thread Ansgar 🙀 
Hi,

Thorsten Glaser wrote:
> Justification: code and/or documentation probably non-free
> 
> Our friends from Gentoo have uncovered this:
> 
> https://social.treehouse.systems/@mgorny/114835815375250264
> 
> In the linked-to article, the rsyslog author admits to having
> used so-called “AI” over the past 24 (!) months. This means that
> the code and/or documentation in recent releases is very likely
> non-free, as it’s created by mechanically transforming existing
> works without honouring their licences, and without even the
> possibility of auditing.
> 
> This makes recent releases of rsyslog not suitable for main,
> especially not as default syslogd implementation.

I don't agree with the claim, but note that seems to be controversial.

However this affects various other code bases as well, for example
src:linux[1]:

| As an example, he pointed to a patch credited to him that was merged
| for the 6.15 release. That patch was entirely written by an LLM,
| changelog included.

and

| Another example is the git-resolve script that was merged for 6.16.
| This script, which came out of a late 2024 discussion on ambiguous
| commit IDs, will resolve an ambiguous (or even incorrect) ID into a
| full commit. It, too, was generated with an LLM. Not only does it
| work, but it includes a full set of self tests, something he noted
| (with understatement) is unusual for code found in the kernel's
| scripts directory. LLMs, he said, ""won't give you a frowny face""
| when asked to generate tests. The script includes documentation
| (also unusual for that directory), and is being used on a daily
| basis in the kernel community.

which suggests that code with test coverage and/or documentation is
especially suspect ;-)

I would expect compilers, larger libraries, GUI stuff to include code
and/or documentation generated by LLMs as well by now. And this will
likely only increase. So even replacing src:linux with kFreeBSD is not
a working exit strategy if LLM generated code was a copyright
violation. (And presumably FreeBSD will have the same going on anyway.)

Ansgar

  [1]: https://lwn.net/Articles/1026558/

Bug#1109121: rsyslog: tainted by “AI”

2025-07-11 Thread Thorsten Glaser 
Source: rsyslog
Version: 8.2504.0-1
Severity: serious
Justification: code and/or documentation probably non-free

Our friends from Gentoo have uncovered this:

https://social.treehouse.systems/@mgorny/114835815375250264

In the linked-to article, the rsyslog author admits to having
used so-called “AI” over the past 24 (!) months. This means that
the code and/or documentation in recent releases is very likely
non-free, as it’s created by mechanically transforming existing
works without honouring their licences, and without even the
possibility of auditing.

This makes recent releases of rsyslog not suitable for main,
especially not as default syslogd implementation.

I recognise that this short before the trixie release is a bad
timing, but the author of rsyslog admits at having done this
underhandedly hidden for the last two years, so…



Personally, I’ve been happy with inetutils-syslogd, and, given
that many people would use systemd-journald’s features these days
anyway, it inetutils-syslogd probably makes for a better choice
as default syslogd implementation in Debian, forwarded to from
systemd-journald on systems using that (AIUI not even by default
any more). People who do rely on rsyslog can then install it from
non-free after initial system setup.