From: Simon Josefsson <simon@josefsson.org>
To: "Andreas K. Huettel" <dilfridge@gentoo.org>
Cc: "Morten Linderud" <foxboron@archlinux.org>,
"Michał Górny" <mgorny@gentoo.org>,
distributions@lists.linux.dev
Subject: Re: Looking for advice on how to deal with potential slop packages
Date: Mon, 23 Mar 2026 09:14:12 +0100
Message-ID: <875x6nt12j.fsf@josefsson.org>
In-Reply-To: <2081671.zToM8qfIzz@noumea> (Andreas K. Huettel's message of "Mon, 23 Mar 2026 00:53:45 +0100")
"Andreas K. Huettel" <dilfridge@gentoo.org> writes:
> On Saturday, 7 March 2026, 16:31:18 Central European Standard Time,
> Simon Josefsson wrote:
>> Morten Linderud <foxboron@archlinux.org> writes:
>>
>> > A lot of this is probably already a lost cause I think.
>>
>> +1
>
> Here's another example of a (cryptography-related) package gone full auto.
>
> https://github.com/cpan-authors/Crypt-OpenSSL-RSA/commits/main/?after=5d7e2e6faf3d6938b55aeebd40f5fb2379248c36+34
>
> Lost cause or not, shouldn't we even try to fight this tendency?

Could the answer be in the follow-on question "How?"?

I can't think of any feasible way to oppose this tendency today.
LLM-authored code is already part of a growing list of low-level and/or
security critical components of the free software ecosystem --
including, if I'm not mistaken, Linux, systemd, OpenSSL, Go crypto, etc.

One reaction could be to build a GNU distribution based only on software
components that don't contain LLM-authored code. This assumes we can
even identify that code. I think that will be challenging -- some
projects are adopting policies to accept LLM contributions that don't
acknowledge or mention that an LLM assistant was used. How to make a
decision in that case?

A stronger reaction could be to build a GNU distribution based only on
software components that have a sufficiently strong no-LLM policy. A
100% "Human-written Software" distribution, based on something similar
to Debian's DFSG but replacing (or augmenting) 'free software' with
'human-written software'.

These things are doable, but I don't see anyone verbalizing the ideas and
starting the work involved.

/Simon