In an announcement regarding the upcoming preliminary release of kernel 7.1-rc4, Linus Torvalds has issued a plea to security researchers utilizing artificial intelligence (AI) to refrain from submitting vulnerability reports to the private mailing list “[email protected].” Torvalds emphasized the importance of adhering to recently implemented rules and threat models when disclosing information about vulnerabilities. The rationale behind this directive stems from the observation that the use of common AI tools often results in the identification of identical vulnerabilities, leading to a high volume of duplicate reports. The subsequent analysis of these duplicates places an excessive burden on maintainers and renders the management of the mailing list practically unfeasible.
The “[email protected]” mailing list is closed: third-party researchers can submit reports to it, but they cannot see the reports submitted by other participants or the discussions those participants have with kernel developers. Privately evaluating issues generated by AI tools has been deemed inefficient, as it requires spending resources on sorting through duplicates and analyzing problems that have already been reported by others.
Consequently, it has been mandated that vulnerabilities identified through the use of AI should only be reported via public mailing lists, except for exceptionally critical issues. Security researchers are encouraged to refrain from simply reposting outputs from AI assistants and instead conduct a thorough analysis of the problem, validate its existence, refer to relevant documentation on submitting bug reports, develop a patch, and verify whether the issue has already been addressed in the current kernel codebase. This approach aims to prevent maintainers from being inundated with notifications concerning problems that have already been resolved in recent versions.
Torvalds highlighted the potential benefits of employing AI tools in kernel development, emphasizing that their usage should enhance productivity rather than complicate processes unnecessarily. The endorsement of AI tools within the context of kernel development is contingent upon their ability to yield tangible outcomes and streamline operations, ultimately contributing to a more efficient and satisfying work environment.