)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"9cb96959687a82f3dc03546aec3d6c4a7aabf684","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":3,"id":"fb405e5e_9a307b36","updated":"2026-04-24 15:30:12.000000000","message":"I still thing the foundation should roll this into the upstream policy, but that doesn\u0027t preclude us from doing it, too.","commit_id":"c267672e0b399f12c36826cc209d11a090a97610"},{"author":{"_account_id":14250,"name":"Grzegorz Grasza","email":"xek@redhat.com","username":"xek"},"change_message_id":"3f29ee2976d4b165ad753910eda9048cc024b23f","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"6becc9a8_9d6df6be","updated":"2026-05-12 09:26:55.000000000","message":"I\u0027d like to suggest adding a short prose section on AI workflow hygiene during embargo:\n                                                                                                                                                                                              \n  - Use a dedicated AI session, harness, or workflow not shared with other work. An agent accumulates context across a session; switching from open to embargoed work in the same session or harness may carry forward a more permissive posture around disclosure. This applies to any memory or project context loaded by the harness itself.                                         \n - Ensure the working directory does not contain embargoed material when using AI tooling for other tasks; agents actively read the worktree and can incorporate embargoed content into unrelated output.                                                                                                                                                                           \n - Agentic workflows with write access to code review or bug tracking systems must require explicit human confirmation before any upload or comment. Accidentally pushing an embargoed patch to a public venue via an agent is a real risk and has occurred in practice (per PTG discussion).","commit_id":"c267672e0b399f12c36826cc209d11a090a97610"},{"author":{"_account_id":14250,"name":"Grzegorz Grasza","email":"xek@redhat.com","username":"xek"},"change_message_id":"5d7aac98c6fb928ee957713adaace1254bc0048c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"a3e192ec_0f3f807c","in_reply_to":"6becc9a8_9d6df6be","updated":"2026-05-12 09:31:31.000000000","message":"The work separation I guess is important in any context, not just AI, it\u0027s just that with AI you\u0027re not fully aware, as an example, of the state of the repository that it left behind, even if you are isolating everything else.","commit_id":"c267672e0b399f12c36826cc209d11a090a97610"}],"doc/source/vmt-process.rst":[{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"b618b70e91b7f086c33d6b9ac75f048dff7b564d","unresolved":true,"context_lines":[{"line_number":418,"context_line":"  form of an official OpenStack Security Advisory. This includes"},{"line_number":419,"context_line":"  discussion of the bug or associated fixes in public forums such as"},{"line_number":420,"context_line":"  mailing lists, code review systems and bug trackers, or using"},{"line_number":421,"context_line":"  publicly-available LLM/AI technologies to develop patches. Please also"},{"line_number":422,"context_line":"  avoid private disclosure to other individuals not already approved"},{"line_number":423,"context_line":"  for access to this information, and provide this same reminder to"},{"line_number":424,"context_line":"  those who are made aware of the issue prior to publication. All"}],"source_content_type":"text/x-rst","patch_set":1,"id":"38c72950_9ad7ffff","line":421,"updated":"2026-04-24 14:51:34.000000000","message":"a suggested change?\n\n\"or remotely hosted software development tools, including cloud LLM technologies\"\n\nI think there are more than just remote LLMs: there are remote IDEs, remote-hosted on-demand dev containers, etc. It might be valuable to rope all those in here.","commit_id":"ef4b7eb19c8128ef5c7b0b198ecf862b6708adc7"},{"author":{"_account_id":14250,"name":"Grzegorz Grasza","email":"xek@redhat.com","username":"xek"},"change_message_id":"3f29ee2976d4b165ad753910eda9048cc024b23f","unresolved":true,"context_lines":[{"line_number":419,"context_line":"  discussion of the bug or associated fixes in public forums such as"},{"line_number":420,"context_line":"  mailing lists, code review systems and bug trackers, or using"},{"line_number":421,"context_line":"  remotely-hosted tools like AI/LLM services in development of"},{"line_number":422,"context_line":"  patches. Please also avoid private disclosure to other individuals"},{"line_number":423,"context_line":"  not already approved for access to this information, and provide"},{"line_number":424,"context_line":"  this same reminder to those who are made aware of the issue prior to"},{"line_number":425,"context_line":"  publication. All discussion should remain confined to this private"}],"source_content_type":"text/x-rst","patch_set":3,"id":"93cb9d5a_9c529450","line":422,"updated":"2026-05-12 09:26:55.000000000","message":"The \"remotely-hosted\" qualifier on the new line is too narrow. Local agent tooling (IDE plugins, CLI coding assistants, agentic frameworks) often includes telemetry, satisfaction surveys, or usage reporting that can transmit files the agent has read—including patch content—to the tool vendor. Suggest changing to:                                                     \n\n\"or using AI/LLM services or agentic tools (including IDE plugins and coding assistants that may transmit data via telemetry or usage reporting) in development of patches\"","commit_id":"c267672e0b399f12c36826cc209d11a090a97610"}]}
