jaraco
commented
2 years ago Hi David. Thanks for offering to fuzz this project. I'd welcome the effort, though I don't think email notifications would be the best. Is there a reason you couldn't instead register any failures as issues with this project? If email is the best/only means of notification, we might consider setting up a list (google group or similar) where notifications could be registered and then someone (maintainers or contributors) could periodically review that list and convert the reports to issues.
Hi,
I was wondering if you would like to integrate continuous fuzzing by way of OSS-Fuzz? Fuzzing is a way to automate test-case generation and can be used to find unexpected exceptions in Python. In this PR https://github.com/google/oss-fuzz/pull/8267 I did an initial integration into OSS-Fuzz and the current fuzzer targets
zipp.Pathusing a zipfile generate from fuzzer data. The fuzzing engine used by OSS-Fuzz is Atheris.If you would like to integrate, the only thing I need is a list of email(s) that will get access to the data produced by OSS-Fuzz, such as bug reports, coverage reports and more stats. Notice the emails affiliated with the project will be public in the OSS-Fuzz repo, as they will be part of a configuration file.