Here it seems like panic in the face of things like the CopyFail/DirtyFrag/Fragnesia/ssh-keysign-pwn stuff.
That if he didn’t let AI ‘fix’ the issues it can find first, then someone will hit rsync with devastating CVEs.
The problem is he saw that the tool was offering to ‘fix’ things that perhaps weren’t quite right, and saw a credible proposal to implement fixes; but the fixes were for bugs no one cared about or noticed and weren’t security related, and they incurred side effects that people did notice.
If you have a non-security bug that’s been in place since 2019 and the only thing that noticed was an LLM analysis of your codebase, it may be best to let sleeping dogs lie…