Douglas Bagnall douglas.bagnall at catalyst.net.nz
Mon Jan 20 02:00:47 UTC 2020

On 16/01/20 10:58 pm, Andreas Schneider via samba-technical wrote:
> However before we add *more* fuzzers, it might be a good idea to first fix the 
> bugs found by the fuzzers ;-)

Should we adopt a convention similar to our BUG: links?
That is, add lines like this in our commits:

OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19395

Obviously this doesn't have the significance of BUG: in our release
process, but with our tools and discussions wandering out over more and
more systems, habitual cross-referencing seems sensible.

The oss-fuzz links will initially be private, automatically lapsing into
the public 30 days after the fix or 90 days after the discovery, whichever
comes first.

(Also, they ask that we add the words "credit to OSS-Fuzz").


More information about the samba-technical mailing list