On Mon, Nov 10, 2025 at 02:54:05PM -0500, Steven Rostedt wrote:
> Probably no difference. I would guess the real liability is for those that
> use AI to submit patches. With the usual disclaimers of IANAL, I'm assuming
> that when you place your "Signed-off-by", you are stating that you have the
> right to submit this code. If it comes down that you did not have the right
> to submit the code, the original submitter is liable.
>
> I guess the question also is, is the maintainer that took that patch and
> added their SoB also liable?
ObDisclaimer: Although I have take one or two law classes at the MIT
Sloan School (e.g., "Law for the I/T Manager"), I am not a lawyer, and
more importantly, I am not *your* lawyer. So this is not legal
advice.
Maintainers are always assuming that code that has a Signed-Off-By is
code that the submitter has a right to submit. This is true before
AI, and it will be true today, after the advent of AI. If I receive a
patch from someone who works for Google, or Microoft, or Amazon, how
do I know that they haven't cut and pasted code from their compan's
internal proprieatry code base? I don't. I rely on the Signed-off-by
and the good faith of the code submitter, and if someone sends me code
that they aren't authorized, it is my personal belief that I wouldn't be
liable; only the submitter.
What is true for code written by human (who might or might not have
cut and pasted from their internal code search), it should just be as
true for AI-generated code.
In fact, from a strict legal liability perspective, I'd be happier not
knowing whether or not a particlar patch had some kind of LLM
involved. What I don't know, I can't *possibly* be held liable.
- Ted
