• Re: On the reporting of security bugs discovered by LLM (Was Re: apt-c

    From Dan Ritter@3:633/10 to All on Thursday, May 21, 2026 14:30:01
    Subject: Re: On the reporting of security bugs discovered by LLM (Was Re: apt-cacher-ultra beta: Another apt cache, focusing on reliability and offline availability.)

    Jeffrey Walton wrote:
    The folks at Anthropic predict a surge in 0-days, vulnerabilities and
    loss of coordinated disclosures (like on the oss-security mailing
    list) as the initial wave of bugs are uncovered. Then Anthropic
    expects it to drop off and find a new equilibrium as security
    researchers catch up with the use of the tools. From [0]:

    Whenever Anthropic, Google, xAI, Microsoft, NVidia -- whenever
    they issue statements, it's downright criminal not to ask

    "Who benefits from the release and wording of this statement?"
    "Has the company produced convincing evidence?"
    "Have they got a good track record of telling the truth?"
    "Have they got a good track record of predicting the short-term
    future?"


    -dsr-


    --
    https://randomstring.org/~dsr/eula.html is binding upon you.

    [Set the new password to "swordfish". Please repeat everything three times.]

    --- PyGate Linux v1.5.14
    * Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)
  • From Dan Ritter@3:633/10 to All on Thursday, May 21, 2026 17:30:01
    Subject: Re: On the reporting of security bugs discovered by LLM (Was Re: apt-cacher-ultra beta: Another apt cache, focusing on reliability and offline availability.)

    Andrew Latham wrote:

    What I am concerned about. In the US it is a solid fact that only
    works done by a human can be copyrighted. So does the use of an LLM
    cause issue with the copyright/copyleft licences for software. Does
    the influx of security issues and possible code suggestions made by an
    LLM erode the strength of the copyright/copyleft protections of the
    code?

    That Depends. Case law doesn't exist yet.

    I think it's obvious that if you don't own the copyright, you
    can't offer a license for the copyright. So 100% LLM works are
    just in the public domain.

    You can freely re-use public domain work, combine it with your
    own work, and then you have copyright over the portion that you
    wrote yourself but can't complain over someone else re-using the
    same public-domain material.

    At what point does the integration of PD material to a copyrighted
    work remove the copyright on the rest? This is a problem because
    copyrights protect the specific expression of ideas. A biography
    or a novel or an essay: these are suitable subjects for
    copyright. Software isn't the specific expression of ideas,
    however: software is the specific expression of decision-making
    processes.

    Now, innovative, non-obvious processes can be protected by patents,
    not copyrights. But most software doesn't contain an innovative process,
    just a new combination of known processes.

    So. Copyleft depends on copyright; copyright is not quite
    correct for software; governments and corporations are too
    easily corrupted and must be regulated much better than they
    currently are.

    -dsr-




    --
    https://randomstring.org/~dsr/eula.html is binding upon you.

    [Set the new password to "swordfish". Please repeat everything three times.]

  • From CGS@3:633/10 to All on Friday, May 22, 2026 17:20:01
    Subject: Re: On the reporting of security bugs discovered by LLM (Was Re: apt-cacher-ultra beta: Another apt cache, focusing on reliability and offline availability.)

    On 2026-05-21, Dan Ritter <dsr@randomstring.org> wrote:

    Now, innovative, non-obvious processes can be protected by patents,
    not copyrights. But most software doesn't contain an innovative process,
    just a new combination of known processes.

    What would be an example of an innovative process?

  • From CGS@3:633/10 to All on Friday, May 22, 2026 17:40:02
    Subject: Re: On the reporting of security bugs discovered by LLM (Was Re: apt-cacher-ultra beta: Another apt cache, focusing on reliability and offline availability.)

    On 2026-05-22, CGS <etphonehomefrance@gmail.com> wrote:
    On 2026-05-21, Dan Ritter <dsr@randomstring.org> wrote:

    Now, innovative, non-obvious processes can be protected by patents,
    not copyrights. But most software doesn't contain an innovative process,
    just a new combination of known processes.

    What would be an example of an innovative process?


    The first software patent was issued June 19, 1968 to Martin Goetz for
    a data sorting algorithm.

    https://en.wikipedia.org/wiki/Software_patent

    Seems kind of vague, in software, what could possibly be patented that
    couldn't just as well be copyrighted.

    Mais enfin.

  • From Dan Ritter@3:633/10 to All on Friday, May 22, 2026 17:50:01
    Subject: Re: On the reporting of security bugs discovered by LLM (Was Re: apt-cacher-ultra beta: Another apt cache, focusing on reliability and offline availability.)

    CGS wrote:
    On 2026-05-21, Dan Ritter <dsr@randomstring.org> wrote:

    Now, innovative, non-obvious processes can be protected by patents,
    not copyrights. But most software doesn't contain an innovative process,
    just a new combination of known processes.

    What would be an example of an innovative process?

    Something that you can get an appropriate court to agree is
    patentable.

    https://en.wikipedia.org/wiki/Software_patent

    -dsr-

    --
    [Set the new password to "swordfish". Please repeat everything three times.]

  • From Dan Ritter@3:633/10 to All on Friday, May 22, 2026 18:00:01
    Subject: Re: On the reporting of security bugs discovered by LLM (Was Re: apt-cacher-ultra beta: Another apt cache, focusing on reliability and offline availability.)

    CGS wrote:
    On 2026-05-22, CGS <etphonehomefrance@gmail.com> wrote:
    On 2026-05-21, Dan Ritter <dsr@randomstring.org> wrote:

    Now, innovative, non-obvious processes can be protected by patents,
    not copyrights. But most software doesn't contain an innovative process,
    just a new combination of known processes.

    What would be an example of an innovative process?


    The first software patent was issued June 19, 1968 to Martin Goetz for
    a data sorting algorithm.

    https://en.wikipedia.org/wiki/Software_patent

    Seems kind of vague, in software, what could possibly be patented that couldn't just as well be copyrighted.

    A patent covers the method.

    A copyright covers the wording.

    These are different, as you know, since you can express the same
    instructions in English or in French. A patent would cover both,
    a copyright would cover one or the other unless the complaint
    was that the one was directly derivative of the other.

    But all of this is law, so:

    - it is dependent on jurisdiction
    - it is ultimately a social matter
    - it is an expression of power over others
    - it is guaranteed to be wrong in at least some cases or
    applications.

    -dsr-

  • From James H. H. Lampert@3:633/10 to All on Friday, May 22, 2026 18:50:01
    Subject: Re: On the reporting of security bugs discovered by LLM (Was Re: apt-cacher-ultra beta: Another apt cache, focusing on reliability and offline availability.)

    On 5/22/26 8:35 AM, Dan Ritter wrote:
    A patent covers the method.

    A copyright covers the wording.

    More precisely (and note that I'm not an IP attorney, and neither do I
    play one on television, but I do have a general understanding of the
    basics of IP law):

    A patent protects an *idea.* It places a very heavy burden of proof-of-originality upon the applicant, and has a relatively short term.

    A copyright protects an *expression* of an idea. It is very easy to get, placing a very heavy burden of proof upon those seeking to invalidate
    it, and has a very long (perhaps too long, these days) term.

    And a trademark registration protects a name, logo, or other branding identification for a commercial product, from those who would either wrongfully profit from the reputation of its maker, or intentionally
    damage that reputation, or both.

    --
    JHHL

  • From CGS@3:633/10 to All on Sunday, May 24, 2026 17:50:01
    Subject: Re: On the reporting of security bugs discovered by LLM (Was Re: apt-cacher-ultra beta: Another apt cache, focusing on reliability and offline availability.)

    On 2026-05-22, James H. H. Lampert <jamesl@touchtonecorp.com> wrote:
    On 5/22/26 8:35 AM, Dan Ritter wrote:
    A patent covers the method.

    A copyright covers the wording.

    More precisely (and note that I'm not an IP attorney, and neither do I
    play one on television, but I do have a general understanding of the
    basics of IP law):

    A patent protects an *idea.* It places a very heavy burden of proof-of-originality upon the applicant, and has a relatively short term.

    He said a method. But all algorithms are methods, so his definition
    would encompass just about everything concerning informatics. The wording might relate to the language of implementation. But I don't know.

    An idea seems even more encompassing in relation to software, and an
    idea without a method in this regard appears completely evanescent.

    A copyright protects an *expression* of an idea. It is very easy to get, placing a very heavy burden of proof upon those seeking to invalidate
    it, and has a very long (perhaps too long, these days) term.

    For me, the expression of an idea in software is a method, which we've already covered.

    And a trademark registration protects a name, logo, or other branding identification for a commercial product, from those who would either wrongfully profit from the reputation of its maker, or intentionally
    damage that reputation, or both.

    --
    JHHL


