# Linux 安全邮件列表"几乎难以管理"

- 来源：Hacker News 热门（buzzing.cc 中文翻译）
- 作者：jonbaer
- 发布时间：2026-05-18 23:18
- AIHOT 分数：65
- AIHOT 链接：https://aihot.virxact.com/items/cmpbd6th416djslnzi06wumuv
- 原文链接：https://www.theregister.com/security/2026/05/18/linus-torvalds-says-ai-powered-bug-hunters-have-made-linux-security-mailing-list-almost-entirely-unmanageable/5241633

## AI 摘要

AI漏洞挖掘工具的广泛应用导致Linux安全邮件列表收到的自动提交漏洞报告数量激增，使其“几乎难以管理”。具体数据显示，该邮件列表每周收到约100封邮件，其中大部分为自动化生成的报告，真正需要核心维护者关注的漏洞仅占少数。这种变化反映了安全研究自动化对开源社区协作模式带来的新挑战。

## 正文

Security

Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable’

Multiple researchers using the same tools to find the same bugs are creating ‘unnecessary pain and pointless work’

Linux kernel boss Linus Torvalds has declared the project’s security mailing list has become “almost entirely unmanageable” due to multiple researchers using AI to find bugs and then filling the list with duplicate reports.

Torvalds used his weekly state of the kernel post to deliver release candidate four for Linux 7.1 and report “fairly normal” progress towards a full release.

He then pointed kernelistas to the project’s documentation, which he wrote “might be worth highlighting” as “the continued flood of AI reports has basically made the security list almost entirely unmanageable, with enormous duplication due to different people finding the same things with the same tools.”

“People spend all their time just forwarding things to the right people or saying ‘that was already fixed a week/month ago’ and pointing to the public discussion,” Torvalds complained.

MORE CONTEXT

Linux 7.1 will have an optional new NTFS driver

Linux 7.1 will have an optional new NTFS driver

AI bug reports went from junk to legit overnight, says Linux kernel czar

AI bug reports went from junk to legit overnight, says Linux kernel czar

Linus Torvalds: Someone ‘more competent who isn't afraid of numbers past the teens’ will take over Linux one day

Linus Torvalds: Someone ‘more competent who isn't afraid of numbers past the teens’ will take over Linux one day

Linus Torvalds and friends tell The Reg how Linux solo act became a global jam session

Linus Torvalds and friends tell The Reg how Linux solo act became a global jam session

The Penguin Emperor believes that kind of chatter is “all entirely pointless churn” and isn’t productive because “AI detected bugs are pretty much by definition not secret, and treating them on some private list is a waste of time for everybody involved – and only makes that duplication worse because the reporters can't even see each other's reports.”

He then offered an opinion on how best to use AI to improve software security.

“AI tools are great, but only if they actually help, rather than cause unnecessary pain and pointless make-believe work,” he wrote. “Feel free to use them, but use them in a way that is productive and makes for a better experience.”

“The documentation may be a bit less blunt than I am,” he added, “but that's the core gist of it.”

“So just to make it really clear: If you found a bug using AI tools, the chances are somebody else found it too. If you actually want to add value, read the documentation, create a patch too, and add some real value on *top* of what the AI did. Don't be the drive-by ‘send a random report with no real understanding’ kind of person. OK?”

Torvalds' remarks contrast with recent comments from fellow kernel maintainer Greg Kroah-Hartman, who recently told The Register that AI has become an increasingly useful tool for the FOSS community. ®
