Linux security mailing list 'almost unmanageable'
Source: Hacker News
Linux kernel security mailing list overload
Linux kernel lead Linus Torvalds has called the project’s security mailing list “almost entirely unmanageable” after a surge of AI‑generated bug reports created massive duplication.
In his weekly state of the kernel post, Torvalds announced release candidate 4 for Linux 7.1 and described progress toward a full release as “fairly normal.” He then warned developers that the “continued flood of AI reports has basically made the security list almost entirely unmanageable, with enormous duplication due to different people finding the same things with the same tools.”
“People spend all their time just forwarding things to the right people or saying ‘that was already fixed a week/month ago’ and pointing to the public discussion,” Torvalds complained.
He characterized the chatter as “all entirely pointless churn,” noting that AI‑detected bugs are, by definition, not secret. Keeping them on a private list “is a waste of time for everybody involved – and only makes that duplication worse because the reporters can’t even see each other’s reports.”
Torvalds’ advice on using AI
Torvalds offered a clear stance on how AI should be employed in security work:
“AI tools are great, but only if they actually help, rather than cause unnecessary pain and pointless make‑believe work. Feel free to use them, but use them in a way that is productive and makes for a better experience.”
“The documentation may be a bit less blunt than I am, but that’s the core gist of it.”
“So just to make it really clear: If you found a bug using AI tools, the chances are somebody else found it too. If you actually want to add value, read the documentation, create a patch too, and add some real value on top of what the AI did. Don’t be the drive‑by ‘send a random report with no real understanding’ kind of person. OK?”
Contrasting view from the kernel community
Torvalds’ remarks stand in contrast to comments from fellow kernel maintainer Greg Kroah‑Hartman, who told The Register that AI has become an increasingly useful tool for the FOSS community.
References
- Linus Torvalds’ original post: https://lkml.org/lkml/2026/5/17/896
- Greg Kroah‑Hartman interview: https://www.theregister.com/software/2026/03/26/linux-kernel-czar-says-ai-bug-reports-arent-slop-anymore/5226256