From: Daniel P. Berrangé <berra...@redhat.com>

Bug reports from automated tools and AI agents are time consuming to
triage and have poor signal/noise ratio. Set strong expectations for
any reporters using such tools, in a (likely doomed) attempt to stem
the flow of poor quality reports.

Signed-off-by: Daniel P. Berrangé <berra...@redhat.com>
---
 docs/bugs.rst            | 14 ++++++++++++++
 docs/securityprocess.rst |  4 ++++
 2 files changed, 18 insertions(+)

diff --git a/docs/bugs.rst b/docs/bugs.rst
index 5fd1970caf..e12a6c74ec 100644
--- a/docs/bugs.rst
+++ b/docs/bugs.rst
@@ -76,6 +76,20 @@ Linux Distribution specific bug reports
    like to have your procedure for filing bugs mentioned here, please mail the
    libvirt development list.
 
+Use of automated tools / AI agents
+----------------------------------
+
+If any automated tool / AI agent is used to identify a bug / security
+flaw, the following additional expectations apply when filing a report:
+
+- The tool / agent used **MUST** be clearly declared in the description
+- All stated facts **MUST** be validated as correct and free from AI
+  hallucinations prior to filing
+- The problem **MUST** be described against an upstream release that is
+  no more than 3 months old.
+- The problem **SHOULD** be analysed and accompanied with a proposed
+  patch that can be directly applied to current git
+
 How to file high quality bug reports
 ------------------------------------
 
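Review bot: The third and fourth added bullets under "Use of automated tools / AI agents" can pull in different directions: a report only has to be described against "an upstream release that is no more than 3 months old", while the proposed patch should apply to "current git". A flaw found in a three-month-old release may already be fixed in git, which is exactly the kind of report that costs triage time. Consider requiring that the problem be confirmed as still present in current git (or the latest release) before filing. The second bullet would also be easier to enforce if it said what evidence of validation is expected, for example a reproducer or the steps the reporter used to confirm the behaviour. Minor: only the third bullet ends with a full stop, and "accompanied with" reads better as "accompanied by".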
diff --git a/docs/securityprocess.rst b/docs/securityprocess.rst
index 075679df74..b7695ddc59 100644
--- a/docs/securityprocess.rst
+++ b/docs/securityprocess.rst
@@ -27,6 +27,10 @@ and moderated for non-members. As such you will receive an 
auto-reply indicating
 the report is held for moderation. Postings by non-members will be approved by 
a
 moderator and the reporter copied on any replies.
 
+Refer to the `bug reporting <bugs.html#use-of-automated-tools-ai-agents>`__
+page for the *expectations around the use of automated tools and AI agents*,
+**prior** to filing any security report.
+
 Security notices
 ----------------
 
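Review bot: The added link target `bugs.html#use-of-automated-tools-ai-agents` relies on the anchor that is generated from the new section title in docs/bugs.rst, so any later rewording of that heading will silently break the reference from the security process page. Consider adding an explicit target label above the heading in bugs.rst and linking to that instead, so the anchor stays stable. It may also help to say directly in this paragraph that the expectations are mandatory for security reports, rather than only "Refer to", since reporters reading securityprocess.rst may never follow the link.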
-- 
2.49.0
