El divendres, 31 d’agost de 2018, a les 11:31:16 CEST, Robert Löhning va escriure: > Am 30.08.2018 um 21:30 schrieb Albert Astals Cid via Development: > > El dijous, 30 d’agost de 2018, a les 8:59:40 CEST, André Pönitz va escriure: > >> On Thu, Aug 30, 2018 at 08:42:11PM +0200, Albert Astals Cid via > >> > >> Development wrote: > >>> I made a local test run of the undefined sanitizer and it found > >>> https://paste.kde.org/prkox41mx in a few seconds, so "it works" > >>> > >>> If you want to test it locally you can do python infra/helper.py > >>> build_fuzzers --sanitizer undefined qt python infra/helper.py > >>> run_fuzzer qt qimage_fuzzer for the undefined sanitizer and > >>> python infra/helper.py build_fuzzers --sanitizer address qt > >>> python infra/helper.py run_fuzzer qt qimage_fuzzer > >>> > >>> Unfortunately I have not been able to compile with the memory > >>> sanitizer enabled yet. > >>> > >>> The most important thing before submitting this upstream is > >>> changing the list of trusted addresses the private bugs get sent > >>> to. > >>> > >>> To have something written i've used my email address but i guess > >>> at least i should add eirik.aavitsl...@qt.io (listed as QImage > >>> maintainer) there too? Anyone else? I am not sure how the email > >>> address thing works, but i think they need to be "google account" > >>> activated, whatever that means, so we can't use > >>> secur...@qt-project.org. > >> > >> That would be the natural choice. > >> > >>> On poppler i'm using my @gmail.com address and not my @kde.org address > >>> since it was just easier. > >>> > >>> Comments? > >> > >> We are not taking about an innovative approach to coerce people > >> into using Google services, right? > > > > Maybe :D > > > > Not really sure how it works, we can try submitting it with security@qt- > > project.org and see what happens, but first i'd like confirmation from > > them > > that they'll look at the errors and confirmation from "the project" that > > it's a good idea to do this. > > Hi, > > I was planning to do it the other way round: I registered a GMail > address for this sole purpose and will manually forward what comes in > there to the security list whenever needed. Of course I'd then try to > automate this as far as possible.
That works for me if it works for the project :) Cheers, Albert > > Cheers, > Robert > > > Cheers, > > > > Albert > >> > >> Andre' > > _______________________________________________ > Development mailing list > Development@qt-project.org > http://lists.qt-project.org/mailman/listinfo/development -- Albert Astals Cid | albert.astals....@kdab.com | Software Engineer Klarälvdalens Datakonsult AB, a KDAB Group company Tel: Sweden (HQ) +46-563-540090, USA +1-866-777-KDAB(5322) KDAB - The Qt, C++ and OpenGL Experts _______________________________________________ Development mailing list Development@qt-project.org http://lists.qt-project.org/mailman/listinfo/development