andymeneely
commented
10 years ago Ok, I will buy lunch for anyone who does more of these than me. I've already done two.
Follow the link to the CVE and try to find the Rietveld id. It won't be obvious because Brian's scraper finds those.
- Try to find the SVN commit.
- Using
git log --grepuse this to find the Git commit - Then try to trace it to the code review id.
If you find the commit and it does not mention a the code review, you can consider it "none", which counts as done.
bspates
Hey @andymeneely, @cck9672, @smt9020,
So in our shared folder in the Vulnerabilities spreadsheet I added a sheet called Manual Inspection. It should be the first one. In there is a list of CVEs with either no information at all, or a list of google code issue ids. The ones with google code ids might be easiest to tackle first. If people wanna claim a range in the table of entries with g ids and they can start inspecting. Go to https://code.google.com/p/chromium/issues/list, and enter the provided issue in the search bar to go to the corresponding issue page. That would be the best starting place. From there look for any links to the rietveld system, or the repo tree, as links to code reviews have been found in commits there.