
From: Otto Moerbeek <otto@drijf.net>
Subject: Re: AI-Driven Security Enhancements for OpenBSD Kernel
To: Alfredo Ortega <ortegaalfredo@gmail.com>
Cc: Theo de Raadt <deraadt@openbsd.org>, tech@openbsd.org
Date: Wed, 12 Jun 2024 13:37:59 +0200

On Wed, Jun 12, 2024 at 04:28:05AM -0300, Alfredo Ortega wrote:

> The 10000 patches number is just for the IPv4/IPv6 stack. I also don't
> think you should review or integrate them, because in a couple months
> when more advanced LLMs are made available I can regenerate all the
> patches in less than a morning with much better quality. And again
> every time a new LLM is released.
> 
> That's why I think of the patches as a post-processing step, i.e. you
> keep the regular process of development, and I or other people can
> refactor and release secure versions of the kernel/userland.

You have *not* demonstrated your patches will produce a more secure
version of the code. That's just a big assumption you made with zero
evidence.

> 
> It's great that you want to keep the development process human, but my
> opinion is that if you have AI adversaries (like we have now), you
> need AI protections.

Again, you assume AI will provide protection.

	-Otto

> 
> On Wed, 12 Jun 2024 at 3:15, Theo de Raadt (<deraadt@openbsd.org>) wrote:
> >
> > I think the important thing to understand about complex software is that
> > it must be humanly comprehensible.
> >
> > Once abstractions levels become too grand (via human or automation
> > efforts), no human will put effort into understanding how the pieces fit
> > together, or put further effort into mutating the software to do some
> > new future thing.
> >
> > So in this conversation, 10,000 extra chunks of code -- we have a choice
> > between automation which will evict the human interest, or humans who
> > won't accept automation that will evict their future interest.
> >
> > One additional point.  This project has always been founded on keeping
> > patches minimal, explainable, etc.  That's 10,000 patches which will need
> > to be submitted in very small bundles, and trying to keep the attention
> > of reviewers.
> >
> > Oh, review isn't necessary?  Amazing.  How did we ever get to this point.
> >