On Tue, Mar 9, 2021 at 11:16 PM sebb <seb...@gmail.com> wrote: > > How often will the tool be run? > How often does it need to be run?
OSS-Fuzz runs its fuzzers continuously and will automatically pick up new project commits. I don't know its precise schedule, but I expect every project to be fuzzed at least a couple of hours a day. > > On Tue, 9 Mar 2021 at 22:01, Matt Sicker <boa...@gmail.com> wrote: > > > > Perhaps the output of this tool won't have nearly as much spam as > > Dependabot et al? If so, we could just use the security list. > > Due to the nature of fuzzing, Jazzer findings will always at least be valid, reproducible bug reports (with details comparable to the manually filed https://issues.apache.org/jira/projects/COMPRESS/issues/COMPRESS-567). Of course, these could still be for a non-security issue such as an unexpected RuntimeException. > > On Tue, 9 Mar 2021 at 15:48, sebb <seb...@gmail.com> wrote: > > > > > > On Tue, 9 Mar 2021 at 21:38, Gary Gregory <garydgreg...@gmail.com> wrote: > > > > > > > > What if we make the existing notification list private? Who uses that > > > > one and for what? > > > > > > Not a good idea, as the contents are appropriate to developers not on the > > > PMC. > > > > > > > G > > > > > > > > On Tue, Mar 9, 2021 at 3:41 PM Torsten Curdt <tcu...@vafer.org> wrote: > > > > > > > > > > > At least for Compress I see value in Fuzz testing. > > > > > > Any other opniions? > > > > > > > > > > > > > > > > I totally see the value and it should go to a private list. > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > > > > For additional commands, e-mail: dev-h...@commons.apache.org > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > > > For additional commands, e-mail: dev-h...@commons.apache.org > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > > For additional commands, e-mail: dev-h...@commons.apache.org > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org