H
@janl I also maintain a FOSS project that's in AOSP, all the distros, and used by FAANG with multi-million deploys.
I don't pay any bounty, mainly because I don't have any money, and the huge companies that ship it, do their own Static Analysis.
I have been approached - by someone with a .bg email domain - asking about bounties, if I had said "yes", I also would be wading through the slop. So when I tell you this is self-inflicted by the maintainer, I have good reason to say it.
@janl Do you maintain anything?
@janl Maintainer saying they'll pay for bugs... attracts people looking for a low-effort income stream.
This is a problem that doesn't exist if you don't incentivize it...
@pseudonym It's certainly like that.
FWIW though LLMs don't have any shame or feeling they need to manage their reputation.
If you tell the same LLM that produced the report that it is now the QA manager and it must review the report from the standpoints of checking for missing or inaccurate citations, dubious claims or non-concise text, it will rat itself out and can be told to fix what it found.
This is the same LLM entirely...