From 07a8be20c1c9e7a2ff6b5b9ec99dbe6b2fa0fcad Mon Sep 17 00:00:00 2001 From: =?utf8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Fri, 6 Jun 2025 09:28:14 +0100 Subject: [PATCH] docs: outline bug expectations wrt automated tools / AI agents MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Bug reports from automated tools and AI agents are time consuming to triage and have poor signal/noise ratio. Set strong expectations for any reporters using such tools, in a (likely doomed) attempt to stem the flow of poor quality reports. Reviewed-by: Peter Krempa Signed-off-by: Daniel P. Berrangé --- docs/bugs.rst | 14 ++++++++++++++ docs/securityprocess.rst | 4 ++++ 2 files changed, 18 insertions(+) diff --git a/docs/bugs.rst b/docs/bugs.rst index 5fd1970caf..e12a6c74ec 100644 --- a/docs/bugs.rst +++ b/docs/bugs.rst @@ -76,6 +76,20 @@ Linux Distribution specific bug reports like to have your procedure for filing bugs mentioned here, please mail the libvirt development list. +Use of automated tools / AI agents +---------------------------------- + +If any automated tool / AI agent is used to identify a bug / security +flaw, the following additional expectations apply when filing a report: + +- The tool / agent used **MUST** be clearly declared in the description +- All stated facts **MUST** be validated as correct and free from AI + hallucinations prior to filing +- The problem **MUST** be described against an upstream release that is + no more than 3 months old. +- The problem **SHOULD** be analysed and accompanied with a proposed + patch that can be directly applied to current git + How to file high quality bug reports ------------------------------------ diff --git a/docs/securityprocess.rst b/docs/securityprocess.rst index 075679df74..b7695ddc59 100644 --- a/docs/securityprocess.rst +++ b/docs/securityprocess.rst @@ -27,6 +27,10 @@ and moderated for non-members. As such you will receive an auto-reply indicating the report is held for moderation. Postings by non-members will be approved by a moderator and the reporter copied on any replies. +Refer to the `bug reporting `__ +page for the *expectations around the use of automated tools and AI agents*, +**prior** to filing any security report. + Security notices ---------------- -- 2.47.3