At the KubeCon Europe conference, The Register interviewed Greg Kroah-Hartman, who maintains the stable and staging branches of the Linux kernel and serves as the maintainer of 16 kernel subsystems. The interview discusses Kroah-Hartman's approach to AI-powered bug reports. AI is already being used in the kernel for reviewing changes to the networking subsystem, eBPF, and DRM, and Google's Sashiko tool has recently been integrated for reviewing submitted changes.
Some of Greg's quotes:
- "A few months ago, we were getting what we called AI garbage—AI-generated security reports that were clearly incorrect or of low quality. It was even funny. We weren't particularly worried about it... A month ago, something happened, and the situation changed dramatically. Now we're getting real reports."
- "This situation isn't unique to Linux—all open source projects are receiving real reports generated by AI, and they're now high-quality and valid. Security teams at major open source projects are noticing the same trend in informal discussions."
- When asked what was causing this, Greg replied, “We don’t know. It seems like no one does. Either a lot of the tools have gotten a lot better, or people have started saying, ‘Hey, let’s figure this out.’ It seems like it affects a lot of different groups and companies. On the core side, we can handle it. Our team has gotten a lot bigger, it’s very distributed, and our growth is real and it’s not slowing down. These are small things, nothing major, but all open source projects could use some help with this. Smaller projects are much less able to handle a sudden influx of AI-generated bug and vulnerability reports that mention real bugs, not garbage.”
- Greg explained that when he asked the AI to find bugs in a proposed changelog, it found 60 and provided patches to fix them. Only a third of the found bugs were bugs, and only two-thirds of the patches were correct and didn't require any work, but it was far from useless. According to Greg, maintainers can't ignore this, especially as the AI's results are getting better. A "Co-developed:" tag has been added to mark patches created using AI. Despite some attempts to use AI to create new functionality, AI in the core is primarily used for change review.
- One of the most notable benefits of AI is the reduction in patch processing time. When the AI assistant identifies obvious issues, patch authors receive feedback long before a human maintainer has time to read the patch: "If I see that the system is reacting to something, it gives the author feedback faster than a maintainer could, and that's great. We already have a number of bots that check patches. If I notice that they throw an error, I immediately understand that as a maintainer, I don't even need to look at it. And the developer thinks, 'Oh, I can make a different version tomorrow,' which helps improve the feedback loop a little bit."
Source: opennet.ru
