Door Anoniem: Quote van Linus hier I think we should simply make it a rule that "a 'security' bug that is found by AI is public". Now, I may be influenced by that "my inbox is a disaster during the merge window" thing, but I do think this is pretty fundamental: if somebody finds a bug with more or less standard AI tools (ie we're not talking magical special hardware and nation-state level efforts), then that bug pretty much by definition IS NOT SECRET. So why should be consider it special and have it be on the security list? Yes, yes, I know - some people think that "security bugs are special". And I've been on the record before calling that opinion special - in the short bus sense. Bugs are bugs. And not having them in public only makes them harder to deal with. Ik ben het er roerend mee eens dat bugs bugs zijn. Security bugs zijn doodgewone bugs waarvan op een gegeven moment duidelijk wordt dat ze misbruikt kunnen worden, vaak in combinatie met andere bugs, om beveiligingen te doorbreken. Je bent ...