OSS-Fuzz Integration #3556

Closed
ennamarie19 opened this issue Jun 5, 2024 · 6 comments

@ennamarie19

My name is McKenna Dallmeyer and I would like to submit PyMuPDF to OSS-Fuzz.

If you are not familiar with the project, OSS-Fuzz is Google's platform for continuous fuzzing of Open Source Software.

In order to get the most out of this program, it would be greatly beneficial to be able to merge-in my fuzz harness and build scripts into the upstream repository and contribute bug fixes if they come up. Is this something that you would support me putting the effort into?

Thank you!

@JorjMcKie
Collaborator

@ennamarie19 thank you for your interest in and consideration of PyMuPDF!
We would certainly welcome to have this type of additional testing of aspects of PyMuPDF.
However, we would also like to point out certain general conditions of our position:

  • Generating PyMuPDF for all current Python versions, and for a considerable number of OS platforms, already makes this a highly complex process - an app in itself.
    We do not want to inject further complications, for example by incorporating more package generation alternatives.
  • But we would definitely be willing to fix any issues you may detect or, respectively, accept corresponding PRs.
    In this context, please be aware that we need your acceptance of our Artifex Contributor License Agreement, downloadable from here. So, when you submit your first PR, we will expect an accompanying statement like "I have read and herewith accept the Artifex CLA". Subsequent submissions will automatically confirm the existence of this approval.

We are looking forward to hearing from you!

@ennamarie19
Author

ennamarie19 commented Jun 7, 2024

> @ennamarie19 thank you for your interest in and consideration of PyMuPDF!
> We would certainly welcome to have this type of additional testing of aspects of PyMuPDF.
> However, we would also like to point out certain general conditions of our position:
>
>   • Generating PyMuPDF for all current Python versions, and for a considerable number of OS platforms, already makes this a highly complex process - an app in itself.
>     We do not want to inject further complications, for example by incorporating more package generation alternatives.
>   • But we would definitely be willing to fix any issues you may detect or, respectively, accept corresponding PRs.
>     In this context, please be aware that we need your acceptance of our Artifex Contributor License Agreement, downloadable from here. So, when you submit your first PR, we will expect an accompanying statement like "I have read and herewith accept the Artifex CLA". Subsequent submissions will automatically confirm the existence of this approval.
>
> We are looking forward to hearing from you!

Certainly! Thank you for passing along that guidance. I just need a good email address from you that I can include with the submission to OSS-Fuzz so that you are kept informed of findings from the fuzz tests. Could you share that with me please?

Thanks so much for your interest!

@JorjMcKie
Collaborator

Hi @ennamarie19 - thank you for your prompt reaction!
I am hesitant what would be the best email address for that purpose. To keep this not attached to a single person, probably [email protected] would be the best choice. This however does not represent an existing GitHub user - although all PyMuPDF maintainers would be informed by any incoming mail.
If a GitHub user is in fact needed, you may want to just use mine, [email protected].

@ennamarie19
Author

> Hi @ennamarie19 - thank you for your prompt reaction!
> I am hesitant what would be the best email address for that purpose. To keep this not attached to a single person, probably [email protected] would be the best choice. This however does not represent an existing GitHub user - although all PyMuPDF maintainers would be informed by any incoming mail.
> If a GitHub user is in fact needed, you may want to just use mine, [email protected].

Thank you so much! I'll submit the distribution email and if you'd like it to be changed, just let me know! This is just for email notifications that will point you to the portal that you'll eventually gain access to in order to view any vulnerabilities that may pop up. So I think the collective email would be best for this!

@jamie-lemon
Collaborator

Please note - it is [email protected] just in case you copy and paste the email above which had dropped the "o" :)

@JorjMcKie
Collaborator

Close as completed because the approach has been arranged.
