[PATCH] docs: outline bug expectations wrt automated tools / AI agents
From: Daniel P. Berrangé <berrange(a)redhat.com>
Bug reports from automated tools and AI agents are time consuming to
triage and have poor signal/noise ratio. Set strong expectations for
any reporters using such tools, in a (likely doomed) attempt to stem
the flow of poor quality reports.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
docs/bugs.rst | 14 ++++++++++++++
docs/securityprocess.rst | 4 ++++
2 files changed, 18 insertions(+)
diff --git a/docs/bugs.rst b/docs/bugs.rst
index 5fd1970caf..e12a6c74ec 100644
--- a/docs/bugs.rst
+++ b/docs/bugs.rst
@@ -76,6 +76,20 @@ Linux Distribution specific bug reports
like to have your procedure for filing bugs mentioned here, please mail the
libvirt development list.
+Use of automated tools / AI agents
+----------------------------------
+
+If any automated tool / AI agent is used to identify a bug / security
+flaw, the following additional expectations apply when filing a report:
+
+- The tool / agent used **MUST** be clearly declared in the description
+- All stated facts **MUST** be validated as correct and free from AI
+ hallucinations prior to filing
+- The problem **MUST** be described against an upstream release that is
+ no more than 3 months old.
+- The problem **SHOULD** be analysed and accompanied with a proposed
+ patch that can be directly applied to current git
+
How to file high quality bug reports
------------------------------------
diff --git a/docs/securityprocess.rst b/docs/securityprocess.rst
index 075679df74..b7695ddc59 100644
--- a/docs/securityprocess.rst
+++ b/docs/securityprocess.rst
@@ -27,6 +27,10 @@ and moderated for non-members. As such you will receive an auto-reply
indicating
the report is held for moderation. Postings by non-members will be approved by a
moderator and the reporter copied on any replies.
+Refer to the `bug reporting <bugs.html#use-of-automated-tools-ai-agents>`__
+page for the *expectations around the use of automated tools and AI agents*,
+**prior** to filing any security report.
+
Security notices
----------------
--
2.49.0