Sashiko reviews for the LSM mailing list

Sashiko reviews for the LSM mailing list

[Mickaël Salaün]

Hi,

I've been reading Sashiko's (AI bot) reviews wrt Landlock patches, and
most of them were valuable.  It found issues (security or not), but it
requires to go to https://sashiko.dev to find them, which is too easy to
forget, and requires additional work from maintainers to copy or point
to these reviews.  I sent a PR (currently in draft) to enable email
replies from Sashiko to the Linux Security Module mailing list (most
patches are already reviewed anyway):
https://github.com/sashiko-dev/sashiko/pull/278

Making such reviews broadly available can improve the quality of patches
we receive without much noise, helping for all LSM-related code.  We can
fine tune some email-related settings if needed.

If there are any concern or question, this is the right time to start a
discussion.

Regards,
 Mickaël

Re: Sashiko reviews for the LSM mailing list

[Paul Moore]

On Mon, Jun 15, 2026 at 11:41 AM Mickaël Salaün <mic@digikod.net> wrote:
>
> Hi,
>
> I've been reading Sashiko's (AI bot) reviews wrt Landlock patches, and
> most of them were valuable.  It found issues (security or not), but it
> requires to go to https://sashiko.dev to find them, which is too easy to
> forget, and requires additional work from maintainers to copy or point
> to these reviews.  I sent a PR (currently in draft) to enable email
> replies from Sashiko to the Linux Security Module mailing list (most
> patches are already reviewed anyway):
> https://github.com/sashiko-dev/sashiko/pull/278
>
> Making such reviews broadly available can improve the quality of patches
> we receive without much noise, helping for all LSM-related code.  We can
> fine tune some email-related settings if needed.
>
> If there are any concern or question, this is the right time to start a
> discussion.

I recently enabled Sashiko for the SELinux list to trial it there
first, with the goal of eventually bringing this topic up for the rest
of the LSM folks on the LSM list.

While I think Sashiko's review comments are generally okay, you should
have contacted the LSM mailing list folks *before* submitting a PR
that would cause an automated bot to send email to the LSM list (this
applies to all automated emails, not just LLM reviews).  Please hold
the PR until you have given people a chance to comment on the issue.

Personally, I'm okay with it.

--
paul-moore.com

Re: Sashiko reviews for the LSM mailing list

[Mickaël Salaün]

On Mon, Jun 15, 2026 at 04:13:59PM -0400, Paul Moore wrote:
> On Mon, Jun 15, 2026 at 11:41 AM Mickaël Salaün <mic@digikod.net> wrote:
> >
> > Hi,
> >
> > I've been reading Sashiko's (AI bot) reviews wrt Landlock patches, and
> > most of them were valuable.  It found issues (security or not), but it
> > requires to go to https://sashiko.dev to find them, which is too easy to
> > forget, and requires additional work from maintainers to copy or point
> > to these reviews.  I sent a PR (currently in draft) to enable email
> > replies from Sashiko to the Linux Security Module mailing list (most
> > patches are already reviewed anyway):
> > https://github.com/sashiko-dev/sashiko/pull/278
> >
> > Making such reviews broadly available can improve the quality of patches
> > we receive without much noise, helping for all LSM-related code.  We can
> > fine tune some email-related settings if needed.
> >
> > If there are any concern or question, this is the right time to start a
> > discussion.
> 
> I recently enabled Sashiko for the SELinux list to trial it there
> first, with the goal of eventually bringing this topic up for the rest
> of the LSM folks on the LSM list.
> 
> While I think Sashiko's review comments are generally okay, you should
> have contacted the LSM mailing list folks *before* submitting a PR
> that would cause an automated bot to send email to the LSM list (this
> applies to all automated emails, not just LLM reviews).  Please hold
> the PR until you have given people a chance to comment on the issue.

As I explained just above, the PR is a draft (GitHub specific state for
WIP), so it cannot be merged as-is, but it is useful for reviews and for
LSM folks to get a look if they are interested.

> 
> Personally, I'm okay with it.

Looks good.  What about waiting a week to get some feedback here and
then ask for a merge of the PR?  Anyway, it would not be written in
stone, we can update Sashiko config with new PRs.

> 
> --
> paul-moore.com
> 

Re: Sashiko reviews for the LSM mailing list

[Paul Moore]

On Tue, Jun 16, 2026 at 4:49 AM Mickaël Salaün <mic@digikod.net> wrote:
> On Mon, Jun 15, 2026 at 04:13:59PM -0400, Paul Moore wrote:
> > On Mon, Jun 15, 2026 at 11:41 AM Mickaël Salaün <mic@digikod.net> wrote:
> > >
> > > Hi,
> > >
> > > I've been reading Sashiko's (AI bot) reviews wrt Landlock patches, and
> > > most of them were valuable.  It found issues (security or not), but it
> > > requires to go to https://sashiko.dev to find them, which is too easy to
> > > forget, and requires additional work from maintainers to copy or point
> > > to these reviews.  I sent a PR (currently in draft) to enable email
> > > replies from Sashiko to the Linux Security Module mailing list (most
> > > patches are already reviewed anyway):
> > > https://github.com/sashiko-dev/sashiko/pull/278
> > >
> > > Making such reviews broadly available can improve the quality of patches
> > > we receive without much noise, helping for all LSM-related code.  We can
> > > fine tune some email-related settings if needed.
> > >
> > > If there are any concern or question, this is the right time to start a
> > > discussion.
> >
> > I recently enabled Sashiko for the SELinux list to trial it there
> > first, with the goal of eventually bringing this topic up for the rest
> > of the LSM folks on the LSM list.
> >
> > While I think Sashiko's review comments are generally okay, you should
> > have contacted the LSM mailing list folks *before* submitting a PR
> > that would cause an automated bot to send email to the LSM list (this
> > applies to all automated emails, not just LLM reviews).  Please hold
> > the PR until you have given people a chance to comment on the issue.
>
> As I explained just above, the PR is a draft (GitHub specific state for
> WIP), so it cannot be merged as-is, but it is useful for reviews and for
> LSM folks to get a look if they are interested.
>
> > Personally, I'm okay with it.
>
> Looks good.  What about waiting a week to get some feedback here and
> then ask for a merge of the PR?

I would suggest enabling Sashiko for the LSM list, but not enabling
the email replies at first.  This would allow people to view the
reviews and perhaps make a better informed decision.

> Anyway, it would not be written in
> stone, we can update Sashiko config with new PRs.

It is worth noting that sashiko.dev updates are not immediate, so
there is a delay between a PR being merged and it taking effect.

-- 
paul-moore.com

Re: Sashiko reviews for the LSM mailing list

[Mickaël Salaün]

On Tue, Jun 16, 2026 at 10:11:42AM -0400, Paul Moore wrote:
> On Tue, Jun 16, 2026 at 4:49 AM Mickaël Salaün <mic@digikod.net> wrote:
> > On Mon, Jun 15, 2026 at 04:13:59PM -0400, Paul Moore wrote:
> > > On Mon, Jun 15, 2026 at 11:41 AM Mickaël Salaün <mic@digikod.net> wrote:
> > > >
> > > > Hi,
> > > >
> > > > I've been reading Sashiko's (AI bot) reviews wrt Landlock patches, and
> > > > most of them were valuable.  It found issues (security or not), but it
> > > > requires to go to https://sashiko.dev to find them, which is too easy to
> > > > forget, and requires additional work from maintainers to copy or point
> > > > to these reviews.  I sent a PR (currently in draft) to enable email
> > > > replies from Sashiko to the Linux Security Module mailing list (most
> > > > patches are already reviewed anyway):
> > > > https://github.com/sashiko-dev/sashiko/pull/278
> > > >
> > > > Making such reviews broadly available can improve the quality of patches
> > > > we receive without much noise, helping for all LSM-related code.  We can
> > > > fine tune some email-related settings if needed.
> > > >
> > > > If there are any concern or question, this is the right time to start a
> > > > discussion.
> > >
> > > I recently enabled Sashiko for the SELinux list to trial it there
> > > first, with the goal of eventually bringing this topic up for the rest
> > > of the LSM folks on the LSM list.
> > >
> > > While I think Sashiko's review comments are generally okay, you should
> > > have contacted the LSM mailing list folks *before* submitting a PR
> > > that would cause an automated bot to send email to the LSM list (this
> > > applies to all automated emails, not just LLM reviews).  Please hold
> > > the PR until you have given people a chance to comment on the issue.
> >
> > As I explained just above, the PR is a draft (GitHub specific state for
> > WIP), so it cannot be merged as-is, but it is useful for reviews and for
> > LSM folks to get a look if they are interested.
> >
> > > Personally, I'm okay with it.
> >
> > Looks good.  What about waiting a week to get some feedback here and
> > then ask for a merge of the PR?
> 
> I would suggest enabling Sashiko for the LSM list, but not enabling
> the email replies at first.  This would allow people to view the
> reviews and perhaps make a better informed decision.

The point of this PR and the related discussion is to enable email
replies, the reviews are already there.  As explained, my motivation for
this change is to get reviews, and without emails I suspect almost nobody
(will) take a look and that would not even be an experiment.  I'm saying
that because I forgot several times to take a look and it adds more work
to the review/maintenance.

FWIW, there are currently 41 kernel mailing lists registered:
https://github.com/sashiko-dev/sashiko/blob/main/sashiko.dev/email_policy.toml

> 
> > Anyway, it would not be written in
> > stone, we can update Sashiko config with new PRs.
> 
> It is worth noting that sashiko.dev updates are not immediate, so
> there is a delay between a PR being merged and it taking effect.

Sure and I don't think it's an issue.  It's really easy to filter
emails on any MUA if really needed, and I'm sure the Sashiko maintainers
would be able to fix things quickly if needed.

Re: Sashiko reviews for the LSM mailing list

[Paul Moore]

On Tue, Jun 16, 2026 at 10:59 AM Mickaël Salaün <mic@digikod.net> wrote:
> On Tue, Jun 16, 2026 at 10:11:42AM -0400, Paul Moore wrote:
> > On Tue, Jun 16, 2026 at 4:49 AM Mickaël Salaün <mic@digikod.net> wrote:
> > > On Mon, Jun 15, 2026 at 04:13:59PM -0400, Paul Moore wrote:
> > > > On Mon, Jun 15, 2026 at 11:41 AM Mickaël Salaün <mic@digikod.net> wrote:
> > > > >
> > > > > Hi,
> > > > >
> > > > > I've been reading Sashiko's (AI bot) reviews wrt Landlock patches, and
> > > > > most of them were valuable.  It found issues (security or not), but it
> > > > > requires to go to https://sashiko.dev to find them, which is too easy to
> > > > > forget, and requires additional work from maintainers to copy or point
> > > > > to these reviews.  I sent a PR (currently in draft) to enable email
> > > > > replies from Sashiko to the Linux Security Module mailing list (most
> > > > > patches are already reviewed anyway):
> > > > > https://github.com/sashiko-dev/sashiko/pull/278
> > > > >
> > > > > Making such reviews broadly available can improve the quality of patches
> > > > > we receive without much noise, helping for all LSM-related code.  We can
> > > > > fine tune some email-related settings if needed.
> > > > >
> > > > > If there are any concern or question, this is the right time to start a
> > > > > discussion.
> > > >
> > > > I recently enabled Sashiko for the SELinux list to trial it there
> > > > first, with the goal of eventually bringing this topic up for the rest
> > > > of the LSM folks on the LSM list.
> > > >
> > > > While I think Sashiko's review comments are generally okay, you should
> > > > have contacted the LSM mailing list folks *before* submitting a PR
> > > > that would cause an automated bot to send email to the LSM list (this
> > > > applies to all automated emails, not just LLM reviews).  Please hold
> > > > the PR until you have given people a chance to comment on the issue.
> > >
> > > As I explained just above, the PR is a draft (GitHub specific state for
> > > WIP), so it cannot be merged as-is, but it is useful for reviews and for
> > > LSM folks to get a look if they are interested.
> > >
> > > > Personally, I'm okay with it.
> > >
> > > Looks good.  What about waiting a week to get some feedback here and
> > > then ask for a merge of the PR?
> >
> > I would suggest enabling Sashiko for the LSM list, but not enabling
> > the email replies at first.  This would allow people to view the
> > reviews and perhaps make a better informed decision.
>
> The point of this PR and the related discussion is to enable email
> replies ...

... and you've heard my opinions on that.

> the reviews are already there.

I don't believe the LSM list is being directly reviewed by sashiko.dev
at the moment (check the lists drop-down in the web UI).  Any
LSM-posted patches being reviewed are being reviewed due to a CC to a
sashiko.dev monitored list.

> As explained, my motivation for
> this change is to get reviews, and without emails I suspect almost nobody
> (will) take a look and that would not even be an experiment.  I'm saying
> that because I forgot several times to take a look and it adds more work
> to the review/maintenance.

I think it's important to allow people a chance to see what the
reviews are like before you enable an automated bot on the mailing
list.  I'm sorry you found it cumbersome to check the web UI, but a
change to what is sent to the mailing list affects more than just you.

Perhaps we do eventually enable sashiko.dev to post to the LSM list,
as I said before I have no problem with that, but I want to give
people a chance to look at the Sashiko reviews first and make a more
informed decision.

> FWIW, there are currently 41 kernel mailing lists registered:
> https://github.com/sashiko-dev/sashiko/blob/main/sashiko.dev/email_policy.toml

Yes, I think we can all read a configuration file.

> > > Anyway, it would not be written in
> > > stone, we can update Sashiko config with new PRs.
> >
> > It is worth noting that sashiko.dev updates are not immediate, so
> > there is a delay between a PR being merged and it taking effect.
>
> Sure and I don't think it's an issue.  It's really easy to filter
> emails on any MUA if really needed, and I'm sure the Sashiko maintainers
> would be able to fix things quickly if needed.

I think it's important to understand that not everyone approaches the
email lists the same way, and something that is a non-issue for you
might be a larger issue for someone else.

As a reminder, you are always welcome to create your own list for
Landlock if you find that the LSM list no longer meets your needs.
The only thing I ask is that any patches touching/affecting the LSM
framework are sent to the LSM list and of course any pull requests
sent to Linus should CC the LSM list.

-- 
paul-moore.com

Re: Sashiko reviews for the LSM mailing list

[Mickaël Salaün]

On Tue, Jun 16, 2026 at 11:23:54AM -0400, Paul Moore wrote:
> On Tue, Jun 16, 2026 at 10:59 AM Mickaël Salaün <mic@digikod.net> wrote:
> > On Tue, Jun 16, 2026 at 10:11:42AM -0400, Paul Moore wrote:
> > > On Tue, Jun 16, 2026 at 4:49 AM Mickaël Salaün <mic@digikod.net> wrote:
> > > > On Mon, Jun 15, 2026 at 04:13:59PM -0400, Paul Moore wrote:
> > > > > On Mon, Jun 15, 2026 at 11:41 AM Mickaël Salaün <mic@digikod.net> wrote:
> > > > > >
> > > > > > Hi,
> > > > > >
> > > > > > I've been reading Sashiko's (AI bot) reviews wrt Landlock patches, and
> > > > > > most of them were valuable.  It found issues (security or not), but it
> > > > > > requires to go to https://sashiko.dev to find them, which is too easy to
> > > > > > forget, and requires additional work from maintainers to copy or point
> > > > > > to these reviews.  I sent a PR (currently in draft) to enable email
> > > > > > replies from Sashiko to the Linux Security Module mailing list (most
> > > > > > patches are already reviewed anyway):
> > > > > > https://github.com/sashiko-dev/sashiko/pull/278
> > > > > >
> > > > > > Making such reviews broadly available can improve the quality of patches
> > > > > > we receive without much noise, helping for all LSM-related code.  We can
> > > > > > fine tune some email-related settings if needed.
> > > > > >
> > > > > > If there are any concern or question, this is the right time to start a
> > > > > > discussion.
> > > > >
> > > > > I recently enabled Sashiko for the SELinux list to trial it there
> > > > > first, with the goal of eventually bringing this topic up for the rest
> > > > > of the LSM folks on the LSM list.
> > > > >
> > > > > While I think Sashiko's review comments are generally okay, you should
> > > > > have contacted the LSM mailing list folks *before* submitting a PR
> > > > > that would cause an automated bot to send email to the LSM list (this
> > > > > applies to all automated emails, not just LLM reviews).  Please hold
> > > > > the PR until you have given people a chance to comment on the issue.
> > > >
> > > > As I explained just above, the PR is a draft (GitHub specific state for
> > > > WIP), so it cannot be merged as-is, but it is useful for reviews and for
> > > > LSM folks to get a look if they are interested.
> > > >
> > > > > Personally, I'm okay with it.
> > > >
> > > > Looks good.  What about waiting a week to get some feedback here and
> > > > then ask for a merge of the PR?
> > >
> > > I would suggest enabling Sashiko for the LSM list, but not enabling
> > > the email replies at first.  This would allow people to view the
> > > reviews and perhaps make a better informed decision.
> >
> > The point of this PR and the related discussion is to enable email
> > replies ...
> 
> ... and you've heard my opinions on that.
> 
> > the reviews are already there.
> 
> I don't believe the LSM list is being directly reviewed by sashiko.dev
> at the moment (check the lists drop-down in the web UI).  Any
> LSM-posted patches being reviewed are being reviewed due to a CC to a
> sashiko.dev monitored list.

I reiterate my claim that the LSM list is already being reviewed.  You
just need to enter an LSM name in the search box to see the reviewed
patch series.  They are already categorized by mailing list, only the
drop-down menu doesn't list all of them.  For instance, the latest for
AppArmor (neither the LKML nor the LSM mailing list are being explicitly
registered for Sashiko):
https://sashiko.dev/#/patchset/20260613060424.2213712-1-junxiao.chang%40intel.com

> 
> > As explained, my motivation for
> > this change is to get reviews, and without emails I suspect almost nobody
> > (will) take a look and that would not even be an experiment.  I'm saying
> > that because I forgot several times to take a look and it adds more work
> > to the review/maintenance.
> 
> I think it's important to allow people a chance to see what the
> reviews are like before you enable an automated bot on the mailing
> list.  I'm sorry you found it cumbersome to check the web UI, but a
> change to what is sent to the mailing list affects more than just you.
> 
> Perhaps we do eventually enable sashiko.dev to post to the LSM list,
> as I said before I have no problem with that, but I want to give
> people a chance to look at the Sashiko reviews first and make a more
> informed decision.

Sure, I sent this emails to start this discussion, and we can already
take a look, but I guess a drop-down menu will help.  Are you OK to
start with this drop-down menu?

> 
> > FWIW, there are currently 41 kernel mailing lists registered:
> > https://github.com/sashiko-dev/sashiko/blob/main/sashiko.dev/email_policy.toml
> 
> Yes, I think we can all read a configuration file.
> 
> > > > Anyway, it would not be written in
> > > > stone, we can update Sashiko config with new PRs.
> > >
> > > It is worth noting that sashiko.dev updates are not immediate, so
> > > there is a delay between a PR being merged and it taking effect.
> >
> > Sure and I don't think it's an issue.  It's really easy to filter
> > emails on any MUA if really needed, and I'm sure the Sashiko maintainers
> > would be able to fix things quickly if needed.
> 
> I think it's important to understand that not everyone approaches the
> email lists the same way, and something that is a non-issue for you
> might be a larger issue for someone else.

I know, it's not about me.

> 
> As a reminder, you are always welcome to create your own list for
> Landlock if you find that the LSM list no longer meets your needs.
> The only thing I ask is that any patches touching/affecting the LSM
> framework are sent to the LSM list and of course any pull requests
> sent to Linus should CC the LSM list.

That would be easier, but that's an option I would prefer to avoid
because I want everyone to benefit form these reviews.