[lwip-devel] [bug #64010] oss-fuzz integration

[J. Neuschäfer]

Follow-up Comment #4, bug #64010 (project lwip):

Regarding the specific burdens you are concerned about:

- OSS-Fuzz has a policy that means bugs will be made public after 90 days[1],
but as far as I understand it, it doesn't strictly require that bugs are fixed
during this time.

- It doesn't require that all bugs are fixed, since some bugs may be
considered harmless[2]. This is up to an individual project's maintainers.

- The OSS-Fuzz team might expect some basic management of bugs in the
chromium.org bug tracker, i.e. marking bugs as fixed or "won't fix", etc.,
although OSS-Fuzz might also close bug reports automatically, when the bug is
found to be fixed in the latest git version (I'm not sure about that).


[1]:
https://google.github.io/oss-fuzz/getting-started/bug-disclosure-guidelines/
[2]:
https://google.github.io/oss-fuzz/advanced-topics/bug-fixing-guidance#should-all-reported-issues-be-solved


    _______________________________________________________

Reply to this item at:

  <https://savannah.nongnu.org/bugs/?64010>

_______________________________________________
Message sent via Savannah
https://savannah.nongnu.org/