They should make a separate mailing list specifically for people who use AI, to concatenate their results and boil it down to something manageable for a human to review.
It’s like having a porch light a few feet away from the door to attract all the moths so they don’t come inside whenever you open the door.
Why do you think the kind of obnoxious cunt who uses an LLM to spam a Linux mailing list would voluntarily use another? AI-bros, as a rule, do not respect others.
Maybe use idea from PGP/GPG which is web of trust where people are added based on others vouching for them.
To make it somewhat available others can join as well but for a fee and at the lowest level. The fee would be determined on amount of cunts.
If somebody would not follow rules they would be marked as not trusted but money wouldn’t be refunded they would have to pay again.
The money could be used as donations to fund the project.
If there’s somebody who couldn’t afford those fees, they could still find someone who could vouch for them and bypass it.
While this kind of staking could deter bad actors, it might also deter casual contributors. If I just so happen to stumble upon a kernel bug and have a quick and easy way to report it, I’ll probably do so. If you make me jump through a lot of hoops to first make a deposit, I might not.
Maybe force it some way, I don’t know. Find a backend software solution. Figure a way to programmatically identify when AI was used and automatically route it somewhere else? Or force them to fill out a dropdown menu saying whether AI was used or not?
You’re telling me the Linux Foundation can’t engineer a viable software solution?
If it were that easy, we wouldn’t be in this situation. Education wouldn’t be under attack, social media wouldn’t be flooded with bots. LLM detection is incredibly unreliable and anyone saying they’ve cracked it is selling snake oil. There are techniques for image diffusion that are holding up currently but text is another story.
Checking a checkbox again relies on these chucklefucks being honest and decent and respectful people which they fundamentally aren’t.
It could be as simple as creating a whitelist of verified contributors who are trusted and routing everyone else through a filter. Or identifying the most serious offenders by looking at volume and frequency of contributions, making a list of the ones that are obviously automating, and routing those through the filter, which should still significantly reduce the number that require human review.
Neither of which are perfect solutions, but it could make the situation more manageable if you don’t trust people to be honest about whether their info was generated with AI.
They should make a separate mailing list specifically for people who use AI, to concatenate their results and boil it down to something manageable for a human to review.
I get it - like an AI summary!
It’s easy, we create a problem with AI, and the best solution is to use even more AI, and when everyone is dependant on it to manage digital infrastructure that used to function for decades, then we raise the price.
Maybe they could use an LLM to make a summary of the results!
Ideally, If the AI was truly any good at finding the bugs, a well trained AI could give it the ole wheat and chaff action.
we’re not there yet.
More like use a deterministic program to concatenate all the deltas, merge redundant ones, and present any conflicts to a human to rectify. Then a human can give it a final review before finalizing anything.
they should make another mailing list for ai generated reports that they totally read, and ban anyone who submits slop to the main one. not sure how feasible it is since spammers will just generate new emails, but at least they would have something clear to point out the malicious intent.
It would likely create more work and just result in two unmanageable mailing lists. Doubling the problem.
Sounds like the perfect solution!
the point being the mail list for ai slop is there just so it doesnt clog the actual one and anyone who breaks that can be blacklisted as malicious actor.
The problem isn’t that AI is maliciously spamming the mailing list, it’s that AI is able to find and report real or potential security vulnerabilities at rates that no human organization can process fast enough. Open source browsers and Linux have been slammed lately with vulnerabilities found by Mythos.
Aah… that is indeed a problem since the threats have to be dealt with fast once they are reported since they are now basically public…
If a public tool can find a CVE in minutes to hours, it doesn’t matter if some of the people using signed an NDA.
All it takes is someone how isn’t going to report it to also find and exploit it
So the exploitation window doesn’t start when it is reported it started at when the tool could have found it
llm sure have made world more shitty place…
I mean the alternitive, in this case, was security through obscurity, in which these exploits existed, could be reversed for years, and no one else would know .
This ai shit is fucking everything up for everyone.
I hate it with a passion.
When decade after decade the general solution to low effort spam bug reports was mostly just ignore it till it goes away cause people are lazy. Its not surprising it’s suddenly a massive problem when the barrier to entry to make a bug report dropped though the floor.
No one has ever bothered to figure out a proper solution to the problem. So kicking the can down the road is biting everyone in the ass at the same time.
Over the last 20 years every time iv seen devs bitch about spam bug reports iv always wondered why no one ever tries to find a long term reliable method to dealing with it. At best you see token efforts. Kinda funny to be honest.
I’m just imagining a bunch of sweaties telling people they work for Linux as a cybersec expert, burning through $300 of tokens a day.
For which they haven’t yet paid a single penny, because AI corpos need people to get addicted to their products.
We truly are witnessing the death of open source in real time. Thanks AI!
Let’s not being over-drammic here. They just need a better way to filter off AI junk request. They should be the one to do it? No, it suck. Is it fair? Not at all. Still this is what things are now.
Btw. People using Linux should remember that just because " it’s free" doesn’t mean it don’t cost money and resources to keep going. So:
DO YOUR PART AND DONATE TO YOUR DISTRO DEVELOPERS.
https://www.linuxfoundation.org/about/donate
I read that Linux Foundation spend only 3% on the Linux kernel. Where the rest go? Well one of their biggest spending is AI.
indeed! The open source community should adopt LLM powered mailing list filters. Basically new age version of “protection money” as you pay AI firms to stop other AI firms from drowning your organization.
Joking aside, the dead Internet theory is unfortunately looking pretty accurate.
LLM powered mailing list filters.
Deep Seek and other locally hosted options should be up to this task…
The reports don’t have to be irrelevant slop to be overwhelming.
To be fair, there’s no difference between a ai junk report and a human junk report. Literally not a single difference.
The problem is ai junk reports are easier to make and thus there’s more of them.
This EXACT same problem could have existed at any point in the past, and it’s been a problem in the past to a lesser degree.
No one ever bothered to fix it cause it resolved it self by virtue of people being lazy. Now the barrier is low enough that the problem they should have fixed two+ decades ago is biting them in the fucking ass.
This isn’t ai’s fault. Its entirely on developers fault as a whole. No one has ever figured out a way to deal with massive amounts of spam reliably. Because the solution has ALWAYS been to just ignore it till it goes away.
So now the devs of basically every community not just the Linux world. Has to figure out how to fix a decades old problem because their only solution has stopped working.
So while I agree it’s annoying that ai slop is being spammed to devs, and that the people doing it are fucking annoying twats. Its not their fault this is a problem. They are THE problem, they are not the cause or reason it IS a problem tho.
This is something I don’t think people are internalizing about (agentic) AI. Its disruption doesn’t stem from its “intelligence”, but in its persistence. We are very rapidly approaching an era of infinite agency, but our entire society is designed around people having limited agency. Everything assumes that a vast majority of people won’t bother to use their agency. Sending complaints to local government agencies, waiting in line for concert tickets, starting an online business, submitting pull requests, etc.; they all assume most people won’t bother; they’ll choose to use their limited agency on something else. Agentic AI will blow that all up; you’ll be able to point the AI at a goal on your behalf and not think about it again.
AI slop will hypothetically vanish as AI improves, but that doesn’t do anything to address the fact that we’ll all have effectively infinite agency.
they all assume most people won’t bother
There’s a sort of built-in compensation for “response rates” or “perception rates” - in my industry we trend customer complaints and act according to the data we receive, but we also know that for every complaint we receive there are typically 30 similar events that go unreported. We also know that certain “responders” are outliers and will report every single instance they experience (and sometimes embellish and create additional instances for dramatic effect) but these are exceedingly rare and usually “adjusted” to normal responder levels once identified.
Now, when people create AI agents to file the complaints for them… that’s a new level of response rates. 25 years ago I came close to doing this for airport flyover noise complaints - our local (international) airport had an obscure portal for local residents to complain when they were bothered by jet flyovers - and our neighborhood would get dozens of events per month where the noise was so loud you couldn’t hear the other side of a phone call INSIDE your house with the windows shut. Thousands of homes were impacted by this, often 4 or 5 times in a row within an hour or two. But, the complaint channel was so obscure and the reporting process inconvenient enough that very few complaints were recorded, and they loved to point out that 40% of their complaints came from a single resident. Smart phones weren’t a widespread thing yet, if they were I would have “made an app for that” where anytime you were “impacted” by a jet flyover all you would have to do is pull out your phone and tap the app to file a report. (I considered developing it for Palm Pilot, but I doubt even 10 residents would have carried Palm Pilots for the purpose of filing reports…) If we got a couple hundred residents across the neighborhood reporting even 10% of the troublesome flyovers, we might have changed the conversation - as it was the airport used the lack of complaints to justify no change in flight patterns.
We had a good idea early on for email spam, but we didn’t use it. There was a proposal for basically proof of work, sort of like what’s used in cryptocurrency, as a requirement to accept an email. While the threshold to defeat a lot of spam was low enough to not bother the average individual sending mail, businesses hated it because it would make it more expensive to bulk mail their users. Every time I see the thousands of bullshit emails in my inbox, I’m reminded that we endure spam to protect that.
I’m reading this as: we endure spam to protect spam
Why does everyone always use the old photos of chubby Linus?
Because they have to nerf him somehow, can’t just have worlds sexiest kernel developer getting everyone soaking wet all the time.
He’s getting older. Maybe they just want a younger shot.
Middle of last year:
Damn, I had no clue he looks like that now. He could be a captain on Starship Enterprise.
He looks so friendly and approachable in that picture
kinda like an anglerfish in that you are lured into a false sense of security which makes the straight to the jugular scathing responses even more effective.
Naaahhh, he’s not like that… I never met him but he can’t be like that; I mean look at him.
Huh, apparently he lost weight last year.
But that’s probably why, it only happened last year, and he’s not so much a public figure that he gets photographed often.
he’s still got a big heart on the inside
He needs an AI to fight the other AI
Cooperative agentic synthesis?
In other words, “It has way more bugs than we thought.”
Not everything an “AI bug hunter” finds is actually a bug.
Email systems and mailing lists are antiquated. Dumb behaviours make management of the system even harder.
As someone who has actually contributed to the linux kernel I think the kernel maintainers are doing a great job. Mailing lists work just fine.
Nobody said kernel maintainers aren’t doing a great job
Mailing lists work. Working fine would not be having these articles
I’m saying other hypothetical systems would work better
I’m saying other hypothetical systems would work better
Do you have an actual system in mind and a reason to believe it is more capable of handling a flood of junk reports? Otherwise this claim is a bit of a nothingburger that you can say about literally anything.
The problem with replacing e-mail is that e-mail works well enough.
Other hypothetically “superior” replacements come and go (Google Wave, Yammer, Jive) - some are sticking around in limited scopes (Slack / Teams) - but none have displaced e-mail completely. You always have to ask: “Are you on Teams/Facebook/X?” some people are, some people aren’t. Just about everyone at least has e-mail access, and uses it to some degree or another - if nothing else to verify identity for accounts on other services.
Well they worked fine until AI flooded the system. Any hypothetical system would still have that much traffic and be very hard to manage processing all that information on a human level.
No, they’ve fallen apart in the past too when there’s a wave of overzealous idiots. It’s just in the past you could ignore the problem and it would go away naturally because humans are generally speaking lazy and aren’t going to keep it up long-term.
The only thing AI has done is made the barrier to entry drop through the floor. It is made an existing problem that is always been there more noticeable.
The problem is not caused by AI. It’s not caused by the people who use AI. They are THE problem.
What caused the problem is decades of ignoring the problem and never finding a solution to a problem. Everyone with 2 seconds to stop and think about it. Knows has been a problem.
If you leave a hole in the floor, you can’t be mad. When rats start crawling up through it. The rat is a problem but you ignoring to fix the obvious problem that you’ve known about is the reason it’s a problem.
Mailing lists are great when your solution to low effort. Spam reports is to ignore them till they go away because people are generally lazy. Sadly falls apart when the barrier to entry for making a report has fallen through the floor.
Mailing lists are a really shitty way to do things if you need to actually deal with complex management problems. Like the one at hand.
Cuz they fall apart the moment. You start getting large amounts of people acting in bad faith or even acting in good faith like total idiots.
I agree with you. It makes interacting with Linux kernel development tedious and I think they like it that way.
It falls apart pretty quick when they reach a certain size which is what ai posts increase the chance of.
Still it has the advantages of being decentralized which keeps it off things like GitHub issues which is probably for the better.
You’re putting this like llm spam is somehow a managed problem in github issues, where it’s very much the same overwhelmed system with no good solution.
Basically every system that developers use have the same problem of falling apart. When too many people try to help either for good or ill reasons.
It says always been a problem as far back as you can go. Developers whoever take 2 seconds to think about the management side of things have known. This has been a problem as far back as you can go.
This problem has cropped up over the decades over and over again. The solution up to this point has always been ignore it. It will fix itself with time because people are lazy and will eventually get bored.
Which means that no one has ever actually tried to come up with a real solution. There have been Band-Aids minor efforts shitty attempts. But a good honest effort to deal with the problems that happened when too many people try to help.
Has never been addressed. And now that AI has functionally removed the ignorant till it goes away. Solution leaving developers all over the world without a real solution.
The problem is not AI. It’s not people submitting spam reports. The problem is the lack of anyone ever actually trying to make a scalable manageable system for this problem.
Ai is like rats crawling in through a hole in the floor. They are a problem. They are not the problem. So just trying to talk about this as if AI is the problem misses the actual one and thus makes it harder to find a real solution.
a real solution.
How about fixing the bugs so they’re not there to report? That’s the real “unpatched hole in the floor.”
Another “fight fire with fire” approach is to let agents do the screening for “duplicate report” and also pre-verify / test reports for reproducibility.
I’m not saying that at all.
Meh, as good as any other tool for a running private thread.
It’s not though, hence this issue. Moderation, organisation and management tools are lacking because it’s email
There are many such tools for email groups, and for the included audience, whipping up exactly what was needed for the job would be a pretty trivial task.
What do you suggest?
I think it’s time the Linux maintainers put their heads together and come up with a decentralised tool for managing these issues much in the same way git was created for managing the source code of Linux
Git was created because one of those developers actually had a problem. The fact that they haven’t tried to replace the mailing list yet suggests they don’t actually have a problem with it.
I guess the articles are about a big nothing
The problem highlighted by this article is the flood of slop. The mailing list is almost irrelevant, because regardless of whatever alternative you use, the flood of slop will still keep overwhelming it.
There are varying opinions about the quality of the reports: https://www.theregister.com/software/2026/03/26/linux-kernel-czar-says-ai-bug-reports-arent-slop-anymore/5226256
Emails don’t allow merging threads very easily. The issue is lots of duplicates. Other tools would increase the capability to handle the popularity
Linus always praises email. He does no social media and most of his internet usage is just email is what I gather from his conversations and interviews.
There are a few thousand other developers, any one of them could start working on a replacement if it bothered them enough. Granted, a lot of them will be grey beards who are happy with mailing lists, but still, the overall friction hasn’t pushed them far enough over the edge to replace it.
Linus is also basically the most nerdy luddite to have ever existed. His opinions on a LOT of tech past the 90s is highly suspect.
Its both a upside and a downside. Its part of the reason the Linux kernel is so reliable. But it’s also been a repeating source of issues around him over the years to various degrees.
I have recurring thoughts that the kernel needs to undergo a clear fork. One branch continues on as it is today. A new branch agressively restricts scope, drops support for sub 0.1% market (in use, not last quarter’s sales) share hardware - and software. Focuses intensively on making that core functionality as reliable and secure as possible. New features? No thanks, plenty of existing features already.
Almost like a Super-LTS version of the kernel?
