Linus Torvalds, linux 7.1 release says:
developers should bewarewith automation,
wrong codes already reviewed have been reviewed again by AI...
Linus Torvalds says Linux 7.1 is finally back
on track after chaotic AI drama
After weeks of fighting AI-generated noise and late submissions, Linus Torvalds confirms Linux 7.1 RC6 is stabilizing for a normal launch.
The last few weeks have been a bit eventful in the world of the Linux kernel. First, Torvalds complained that contributors using AI were reporting issues and not supplying fixes, then the week after, he had to tell people to stop submitting less necessary fixes late in the cycle.
Thankfully, he now says that things have quietened down for the sixth release candidate, which means next week’s may be the last one before the final release. This week, he said that this update was smaller than RC5, but it is still not exactly small, thanks to the use of AI tools. He also said that due to the more normal size, we could be on track for a normal release cycle. (...)
AI is causing a massive headache for Linux and laying the groundwork for legal issues
Linus Torvalds shifts stance on automated tools as the flood of unverified AI patches creates a development bottleneck for Linux 7.1.
This week, Linus Torvalds shared his latest weekly insights about the fifth release candidate of the Linux 7.1 kernel. For a while now, Torvalds has been telling us that he suspects AI tools are leading to larger patches and that he was OK with this, but in the last two weeks or so, his attitude toward the people using these tools seems to have soured notably.
With the fourth release candidate of Linux 7.1, he criticized people for using these tools to find bugs, but then stopped short of actually submitting a code fix for the issue. They instead palmed the issue off onto other people, essentially inundating them with too much work. With the fifth RC, he said that many of the bug fixes being submitted this late in the cycle can actually wait until Linux 7.2. He has asked contributors to just stick to fixing actual regressions, given that we are three weeks out from the stable release.
While the onslaught of AI-coded patches is causing a headache for Linux kernel maintainers, there is actually a deeper crisis being created. By replacing human comprehension with proprietary, black-box AI models, the kernel is at risk of being polluted by unmaintainable, legally iffy, and opaque bloat.
Using artificial intelligence to help you code can be an immensely valuable tool; it ranges from the human being the primary coder and AI offering some genuinely helpful assistance, to vibe coding, where the human guides an AI coder on what to build. This too can be very useful; with vibe coding, it is not very hard to build a functional product. However, when vibe coding, especially with tools like OpenAI’s Codex, which hides the code from sight, the human instructing the bot is not as familiar with the code that is being written.
While it probably doesn’t matter for individuals doing side projects to vibe code, you probably don’t want that type of thing going on in something as major as the Linux kernel, which is used to power most servers around the world and a sizable number of desktop computers.
Thankfully, Linux maintainers do not let any code in randomly; it is reviewed first. However, with AI tools, people are able to create thousands of superficial patches or complex-looking bug reports in seconds, which, if submitted, land in a maintainer’s inbox, which they then have to spend precious time reviewing.
Linux source code
Aside from putting additional load on maintainers, AI-generated code fixes have the potential to look correct, but can lack structural understanding of the kernel, which could lead to subtle regressions, redundant logic, and edge-case vulnerabilities. This is all code that a maintainer will have to sift through to look for issues, and it could lead to more issues slipping into the kernel.
What we effectively see is a distributed denial of service (DDoS) attack on kernel development. Instead of attacks, cyberattacks on servers, it’s like an attack of easy-to-generate code against a maintainer’s ability to review so many code submissions.
...
If the Linux kernel is going to adopt AI, maybe it would be worth developers looking into the creation of a fully transparent, copyleft-trained model where users have access to the entire stack, from the training data to the inference model, so that the four freedoms of free software are truly maintained. It’s a bit ironic that, currently, developers are relying on closed models to write an open kernel.
Poll
