Hello Michael,
CM> Given that 11RC3 is now being tested, I wondered if it made
> sense for The NetBSD Foundation to join Project Glasswing,
> for the express purpose of submitting the codebase to LLM
> security audit, before officially releasing 11.0?
I can't speak for the Foundation or NetBSD developers but as a
fellow user, I wonder whether there is a danger of LLM-based testing
distracting developers who already have plenty of code to review and
human-curated PRs to look at.
You mean, the human-curated PRs where randos manually submit LLM slop for review anyways?
I think a more official LLM review would be far better.
This wouldn't be the first, either:
* In the old days, we all ran static analysis on the source code; I've personally found and verified multiple bugs with the help of LLVM/Clang back in the day, before its wider adoption.
* Coverity used to offer this as a service to some OSS projects as well.
C.