google / oss-fuzz

OSS-Fuzz - continuous fuzzing for open source software.
https://google.github.io/oss-fuzz
Apache License 2.0
GSoC Adding retriever into OSS Fuzz #12066

Open PatriceJada opened 3 weeks ago

PatriceJada commented 3 weeks ago

Main Maintainer @henrykironde

github-actions[bot] commented 3 weeks ago

PatriceJada is integrating a new project:
- Main repo: https://github.com/weecology/retriever
- Criticality score: 0.55757

jonathanmetzman commented 2 weeks ago

Do you have a link to the GSoC project you are working on? Also, could we try to integrate the projects one at a time? It's a lot to integrate ~10 projects.

PatriceJada commented 2 weeks ago

@jonathanmetzman This is the link to the GSoC page https://github.com/numfocus/gsoc/wiki/GSoC-2024-GOSST and this is the issue https://github.com/numfocus/gsoc/issues/470

jonathanmetzman commented 2 weeks ago

Does the main maintainer approve?

jonathanmetzman commented 2 weeks ago

How about you keep open these PRs and the first projects you make progress on, I'll merge those PRs.

henrykironde commented 2 weeks ago

@jonathanmetzman, I approve.

PatriceJada commented 2 weeks ago

> How about you keep open these PRs and the first projects you make progress on, I'll merge those PRs.

@jonathanmetzman Correct me if I'm wrong but my understanding was that for the project to be accepted we need to follow these steps https://google.github.io/oss-fuzz/getting-started/accepting-new-projects/. Then once the project is merged we move to these steps https://google.github.io/oss-fuzz/getting-started/new-project-guide/

jonathanmetzman commented 2 weeks ago

> How about you keep open these PRs and the first projects you make progress on, I'll merge those PRs.
>
> @jonathanmetzman Correct me if I'm wrong but my understanding was that for the project to be accepted we need to follow these steps https://google.github.io/oss-fuzz/getting-started/accepting-new-projects/. Then once the project is merged we move to these steps https://google.github.io/oss-fuzz/getting-started/new-project-guide/

That is the correct procedure, but to be honest, no one else has tried to integrate ~10 projects at once. For each project someone tries to add to oss-fuzz, we need to discuss whether to accept it. This is potentially a lot of work for us. I'd rather you integrate projects one at a time so we don't spend time discussing project integrations that don't get completed. Also, doing integrations one at a time would make it easier to incorporate feedback. For example, I think the "MSAN" option doesn't make sense here, and you should also say why the project is important and/or critical infra.