In 2005, when I was 14 and running the local internet café, I learned something I've never forgotten: when the connection dropped and the place was packed, knowing in general how TCP/IP works was useless. You needed to know exactly which router was dropping packets, at which hop, and why. The gap between someone who understands the network and someone who just uses it was brutal and visible in real time. Today, reading the Hacker News thread about AI-generated Linux kernel contributions, I keep thinking about that night.
Not because they're the same situation. But because the underlying question is identical: do you understand what you're signing, or does it just work?
AI Linux kernel contributions: what the real debate actually says (not the version you want to hear)
The original HN post has 324 points and a perfect split. One side says "they'll never accept an AI-generated patch in the kernel" and the other says "it's already happening and most people don't know it." Both are right. That's what makes it uncomfortable.
Let's break it down.
The Linux kernel is not a normal software project. I say that having literally loaded its entire git history into a PostgreSQL database — I documented that experiment here when I was deep in my obsession with stuffing everything into Postgres. What I found was that the kernel's review process is, without exaggeration, the most rigorous code audit process in all of open source. Not out of romanticism. For very concrete reasons that accumulated over 30 years of catastrophic bugs, vulnerabilities with their own CVE names, and hardware deaths in production.
A kernel maintainer doesn't just check if the code compiles. They check whether the author's mental model is correct. That's not a minor detail.
The question isn't technical. It's epistemic.
When you sign a patch with your name on the Linux kernel, you're making a very strong implicit claim: I understand what this code does, why it does it this way and not another, and I am responsible for the consequences. The Signed-off-by is not a formality. It's a chain of accountability that runs from you all the way to Linus.
So: if the patch was generated by an LLM and you reviewed it... how deep did that review actually go? Can you explain every implementation decision under a Torvalds-level review? Can you defend it when a maintainer asks why you didn't use function X from subsystem Y?
That's what unsettles me. And it unsettles me out loud — because I use AI to write code every single day.
What I found when I analyzed the Linux git history
When I loaded the full Linux git history into PostgreSQL, I ran some queries that had me thinking for a long time. The dataset has over a million commits. Here's something that caught my attention:
-- How many commits touched arch/x86/kernel/cpu/ in the last 5 years
-- vs how many unique authors signed them
SELECT
COUNT(*) as total_commits,
COUNT(DISTINCT author_email) as unique_authors,
ROUND(COUNT(*)::numeric / COUNT(DISTINCT author_email), 2) as commits_per_author
FROM commits
WHERE
fecha >= NOW() - INTERVAL '5 years'
AND EXISTS (
SELECT 1 FROM commit_files cf
WHERE cf.commit_hash = commits.hash
AND cf.filepath LIKE 'arch/x86/kernel/cpu/%'
);
The result: heavy concentration. Few authors, many commits. In critical subsystems like memory management, scheduling, and CPU drivers, the history shows that knowledge is concentrated in 10–15 people who've spent years in the same subsystem.
That's not an accident. It's a direct consequence of the review model: to get a patch accepted into mm/ or kernel/sched/, you have to demonstrate that you understand the subsystem at a level that only accumulates through years of small contributions, rejections, reviews, and mailing list conversations.
-- Average time between first and second commit from a new author
-- in critical subsystems vs peripheral drivers
SELECT
subsystem_type,
AVG(days_between_first_and_second_commit) as avg_days,
PERCENTILE_CONT(0.5) WITHIN GROUP (ORDER BY days_between_first_and_second_commit) as median_days
FROM (
SELECT
CASE
WHEN filepath LIKE 'mm/%' OR filepath LIKE 'kernel/%' OR filepath LIKE 'arch/%'
THEN 'critical'
ELSE 'peripheral'
END as subsystem_type,
author_email,
-- Days between an author's first and second commit
LEAD(fecha) OVER (PARTITION BY author_email ORDER BY fecha) - fecha as days_between_first_and_second_commit
FROM commits c
JOIN commit_files cf ON c.hash = cf.commit_hash
WHERE es_primer_commit_del_autor = TRUE
) sub
GROUP BY subsystem_type;
The median for critical subsystems is around 90 days. For peripheral drivers, it drops to 30. The kernel makes you wait. It makes you prove you're still there, that you understood the feedback, that you grew. No LLM can do that for you.
The real problem with using AI to generate kernel patches
Here's the part that won't make either side happy.
To the anti-AI crowd: code generated by LLMs can be completely correct. In well-documented areas of the kernel where patterns are repetitive and documentation is extensive, a good model can generate patches that pass review. It's already happening. Denying it is denying the evidence.
To the uncritical pro-AI crowd: the problem isn't whether the code is correct. It's whether the author can hold a technical conversation about why it's correct. And more importantly: whether they can diagnose the bug that's going to show up 18 months from now when that code interacts with hardware that doesn't exist yet.
That requires a mental model you can't build prompt by prompt.
I thought about this when I was exploring research-driven agents — an agent that reads before it codes can produce surprisingly good code. But "reading" and "understanding with consequences" are different things. The agent won't receive the email from Greg Kroah-Hartmann telling it that its patch broke suspend/resume on ThinkPads.
You will. And if you don't understand why, you can't fix it.
What this has to do with digital signatures and accountability
I mentioned this in passing but I want to expand on it: the kernel's Signed-off-by is a form of digital accountability signature. Not technical, but conceptually close to what NIST is trying to preserve with the new post-quantum standards: a chain of trust that can't be delegated without consequences.
When you delegate code generation to an LLM without understanding it, you're signing something you can't defend. That's not a tooling problem. It's an intellectual honesty problem.
And in the kernel, that has real consequences. Not metaphorical. Real. Bugs in the scheduler affect datacenters. Vulnerabilities in mm/ become Spectre and Meltdown. The history of the kernel is the history of things that went wrong when someone didn't fully understand what they were touching.
Gotchas in the debate that almost nobody mentions
1. The watermark problem
Nobody talks about this but it's relevant: if an LLM generates code with statistically identifiable characteristics — something close to what I explored with SynthID and AI-generated text watermarking — how is the kernel going to handle that implicit metadata? Will there be a disclosure policy? Should there already be one?
Linus Torvalds has already weighed in: he doesn't care if you used AI, he cares if the code is correct and if you can defend it. That's a pragmatic position I respect. It's also the position of someone who can spot bad code in seconds.
2. The context window problem
The kernel has 28 million lines of code. No LLM has all of it in context. That means the model operates on local fragments without vision of the complete system. For a USB driver, that might be fine. For something that touches virtual memory management, it's potentially catastrophic.
3. The accelerated onboarding problem
This is the one that worries me most long-term: if new contributors use AI to skip the gradual learning process the kernel enforces, in 10 years we'll have maintainers who don't understand the code they maintain. The kernel's slow process isn't bureaucracy. It's the mechanism by which knowledge gets transferred.
4. The versioning debate is already shifting
At the same time, there's $17M betting that Git is going to change radically with AI agents. If the versioning tooling changes, the kernel's review process is going to have to adapt too. That future is closer than it looks.
FAQ: the real questions about AI Linux kernel contributions
Have AI-generated patches already been accepted into the Linux kernel?
It's highly probable that yes, though without explicit disclosure. The kernel has no formal policy requiring you to declare if you used AI. What it does require is that you can defend the code. If someone used an LLM to generate a patch, reviewed it thoroughly, and can hold the technical conversation, there's currently no mechanism to detect it and no reason to reject it on those grounds alone.
What's Linus Torvalds' official position on using AI?
Torvalds has been consistently pragmatic: he cares about code quality and the author's ability to defend it, not the tool used to generate it. In recent interviews he said he's not worried about AI per se, but about the bad code it can produce when the author doesn't understand what they're doing. That's exactly the central point of this whole debate.
Which kernel subsystems would be safer to experiment with for AI-assisted contributions?
Well-documented hardware drivers, especially USB and HID devices where patterns are repetitive and the blast radius is limited. High-level networking subsystems are also more accessible. What definitely not: memory management (mm/), the scheduler (kernel/sched/), and anything that touches security paths or kernel cryptography.
How does this affect new contributors who want to learn?
Here's the most serious dilemma: using AI to generate the patch robs you of the learning that writing it would have given you. The kernel has a deliberately hard entry curve. The rejections, the reviews, the "this already exists in subsystem X" responses — those are all part of the knowledge transfer mechanism. If you skip that process, you arrive faster but with much less real understanding.
Should there be an AI disclosure policy for kernel contributions?
My opinion: yes, and it should look like the existing Signed-off-by — not prohibitive, but part of the transparency chain. Something like AI-Assisted-By: Claude 3.5 / reviewed and validated by author doesn't change whether the patch is good or bad, but gives maintainers context on how to evaluate it. The kernel already has a culture of radical transparency in its process. This would fit right in.
Can LLMs understand the full kernel context for complex contributions?
Today, no. With 28 million lines of code and a 30-year history of design decisions, no model has the complete context. For local, well-scoped patches, they can be useful. For changes that require understanding how deep kernel subsystems interact, the current context window and the accumulated implicit knowledge that maintainers carry have no equivalent in any model available today.
My opinion, which nobody is going to like
After loading a million commits into a database, reading the HN thread three times, and turning this over in my head for a week: I think using AI to contribute to the Linux kernel is both legitimate and problematic at the same time, and both things can be true without contradiction.
It's legitimate because correct code is correct code. If a patch works, passes review, and the author can defend it, the tool used to generate it is irrelevant.
It's problematic because the kernel process isn't just about generating correct code. It's about building the mental model that lets you maintain it, evolve with it, and understand bugs that are going to appear in contexts that don't exist yet. That mental model doesn't get built by delegating generation.
What genuinely unsettles me — and I want to say it out loud — is the speed. AI lets you generate patches much faster than the kernel was designed to absorb them. The kernel's slowness isn't a bug. It's the most effective quality control mechanism that open source ever invented.
If we accelerate generation without maintaining review depth, we're going to ship bugs that take years to surface and that nobody will be able to understand because the original author never fully understood them either.
And that seems way more dangerous to me than any debate about whether AI "can" contribute to the kernel.
Are you using AI to code and thinking about contributing to serious open source projects? I genuinely want to know how you draw the line between assistance and comprehension. Write to me.
Top comments (0)