What do LLMs mean for GnuPG?

[Robert J. Hansen]

> This is a red herring on all modern systems, given the overall 
> architecture of this tool.

Yes and no. The general rule is to take responsibility for zeroizing 
sensitive memory. Defense in depth involves, you know, *depth*.

I agree with your comments; I disagree with your conclusion.

> Put simply, for a "one-shot" tool that uses only a short-lived process, 
> there is no need to be concerned about this issue.

Save that it's a remarkably good habit to get into. :)

> I do not have the citation close at hand but I remember seeing studies 
> done that found that developers believed that using LLMs made them about 
> 25% faster, but the actual data showed that LLM usage made them about 
> 19% slower.  (Numbers retrieved from personal human memory, may not be 
> exactly accurate.)

Was it the METR survey?

https://metr.org/blog/2025-07-10-early-2025-ai-experienced-os-dev-study/

> Alarmingly, attempts to replicate the study in later years found that 
> LLM-assisted programming appears to be *addictive*:  the researchers 
> could not find enough developers willing to program without LLM 
> assistance to have solid data, even when they offered to pay $50 an hour.

I have opinions on that which I normally don't publicize, as I have very 
little backing it up except personal experience and a sickening feeling 
in the pit of my stomach. Subjective experience and subjective 
suspicions are not the same as reasoned discussion. I'll see if I can't 
write it up in a sensible way.

> This last point suggests to me that perhaps a strict prohibition on the 
> use of LLMs to develop for GnuPG might be appropriate.

I'm thinking it might be a good addition to the developer agreement, 
yes. Concur.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20260330/b4c425a0/attachment.sig>