On Thursday, May 7, 2026 6:43:25 PM Eastern Daylight Time David Malcolm wrote:
> On Mon, 2026-05-04 at 10:54 +0200, Siteshwar Vashisht wrote:
>
> > An AI analysis (Sonnet 4.6) of the mass scan is now available[1]. If a
> > package is not listed in the AI analysis report, it did not find any
> > issues that may require immediate attention from upstream or package
> > maintainers.
> >
> > [1] https://svashisht.fedorapeople.org/openscanhub/mass-scans/ai-analysis-f45-28-Apr-2026
>
> This is really impressive, thanks.
>
> What inputs from the tools is the AI receiving? With my "GCC analyzer
> maintainer" hat on, I'm wondering:
>
> (a) if GCC could provide additional information that might be of use to
> the AI
>
> (b) if the AI could provide information to the GCC analyzer (e.g. parts
> of the code to focus attention on), or perhaps synthesize additional
> checks to be seen on particular API entrypoints (e.g. "can fail, need
> to check for null", "data is attacker-controlled and needs sanitizing",
> etc).
>
> Re (a), if this is all just text-based, then maybe better human-readable
> output leads to better AI-readable output?

Better human-readable is helpful. They really want well-defined structured output such as SARIF including the optional proposed fixes data. That helps them zero in on exactly what might be wrong.

-Steve
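
For readers unfamiliar with the "optional proposed fixes data" mentioned in the reply above, here is an added example (not part of the thread and not OpenScanHub or GCC code) that flattens SARIF 2.1.0 results, including their `fixes` objects, into compact records. The SARIF log, the tool name `example-analyzer`, the file path and the function name `summarize` are all constructed for illustration.

```python
import json

# Constructed SARIF 2.1.0 log (not real scanner output): the first result
# carries a proposed fix, the second has neither a location nor a fix.
SARIF = json.loads(r'''
{"version": "2.1.0", "runs": [{"tool": {"driver": {"name": "example-analyzer"}},
 "results": [{
  "ruleId": "null-dereference", "level": "warning",
  "message": {"text": "dereference of possibly-NULL 'buf'"},
  "locations": [{"physicalLocation": {
     "artifactLocation": {"uri": "src/demo.c"},
     "region": {"startLine": 12, "startColumn": 5}}}],
  "fixes": [{"description": {"text": "check the allocation result"},
     "artifactChanges": [{"artifactLocation": {"uri": "src/demo.c"},
       "replacements": [{
         "deletedRegion": {"startLine": 12, "startColumn": 5, "endColumn": 5},
         "insertedContent": {"text": "if (!buf) return -1;\n    "}}]}]}]
 }, {"ruleId": "leak", "message": {"text": "leak of 'p'"}}]}]}
''')

def summarize(log):
    """Flatten each SARIF result into rule, location, message and fixes."""
    out = []
    for run in log.get("runs", []):
        tool = run.get("tool", {}).get("driver", {}).get("name", "unknown")
        for res in run.get("results", []):
            # locations and fixes are optional in SARIF, so default to empty
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            fixes = []
            for fix in res.get("fixes", []):
                for change in fix.get("artifactChanges", []):
                    for rep in change.get("replacements", []):
                        fixes.append({
                            "why": fix.get("description", {}).get("text", ""),
                            "file": change.get("artifactLocation", {}).get("uri"),
                            "at_line": rep.get("deletedRegion", {}).get("startLine"),
                            "insert": rep.get("insertedContent", {}).get("text", ""),
                        })
            out.append({
                "tool": tool, "rule": res.get("ruleId"),
                "file": loc.get("artifactLocation", {}).get("uri"),
                "line": loc.get("region", {}).get("startLine"),
                "message": res.get("message", {}).get("text", ""),
                "fixes": fixes,
            })
    return out

if __name__ == "__main__":
    for item in summarize(SARIF):
        print(json.dumps(item))
```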
