|
This channel is intended for people just starting with the Raku Programming Language (raku.org). Logs are available at irclogs.raku.org/raku-beginner/live.html Set by lizmat on 8 June 2022. |
|||
|
00:22
librasteve_ left
|
|||
| disbot3 | <rcmlz> How is that „malicious code in public repos“-problem approached by other, more popular projects like Python? | 05:36 | |
| <rcmlz> Is the distinction between „t“ (user test) and „xt“ (developer test) usefull for such „difficult to test“ modules? | 05:39 | ||
| <rcmlz> As in Raku we can specify during import Module-Name, Author, Version and API at least the vector of publishing a malicious module by using a higher version number than the clean, existing module is not as easy. | 05:51 | ||
| <rcmlz> assuming the malicious code is published under a new author. | 05:52 | ||
| lizmat | that's why I think any production code should have at least :auth<> in their use statements | 06:16 | |
| disbot3 | <librasteve> i was thinking maybe add ability to specify llm<x> where x is some kind of self certification of the level of LLM code … eg all human = 0, all Claude = 100 … that way we can better rank modules for human review (which I suspect will become inevitable quite soon) | 07:04 | |
| <librasteve> of course reputation will suffer is authors try to game the system | 07:05 | ||
|
08:12
dakkar joined
|
|||
| disbot3 | <rcmlz> Assuming this (amongst other things) is published as „Best Practice“, would it be appropriate to issue a warning whenever code is executed that does not follow this best practice? Also this makes it easier when you pay someone to code something for you: I put in the specs: follows best practice, no warnings emited. | 08:39 | |
| <rcmlz> Given that LLM become better over time - maybe this „repository thing for each an everything niche use case“ is anyway out of fashion soon, as people tend to choose the easiest path to solve a problem. e.g. Stackoverflow dies, because people do not need it anymore, asking LLM seems to be much more comfortable … let‘s wait if kids still remember wikipedia in 10 years from now | 08:43 | ||
| <librasteve> well yeah ... so initially <30 would be best (ie mainly human) and later on >70 would be best (ie mainly LLM) ... ymmv - the benefit of my proposal is that there at least is some kind of filter that you can use to know what you are dealing with and that all can happily reside in the same repo even when 99% is "LLM slop" | 08:46 | ||
| <rcmlz> Would a malicious actor be able to exploit that by maliciously using low number? | 08:49 | ||
| <rcmlz> I have the feeling that also testcoverage (even if that means 20GB local LLM and 6 Databases) and reproduceability (maybe something similar to nix, using commits and tags) might play a role in hardening the ecosystem. | 08:53 | ||
| <rcmlz> But maybe Raku is niche enough so that it is not targeted soon … | 08:54 | ||
| <rcmlz> by potent malicious actors | |||
| <rcmlz> Anyhow, @librasteve , very interesting problem you highlighted here - thank you | 08:56 | ||
|
08:57
apogee_ntv left
09:57
apogee_ntv joined
12:34
jmcgnh left
12:47
jmcgnh joined
|
|||
| disbot3 | <frostcod> Thanks, lizmat++ | 14:25 | |
|
16:42
dakkar left
|
|||