vishalcoc44 commented on PR #1028: URL: https://github.com/apache/poi/pull/1028#issuecomment-4031494738
> I'm -1 on this. > > I'm really concerned that GitHub will eventually limit ASF projects. > > I don't see why we need to fuzz every commit or PR. A complete waste of electricity, water, human time analysing the results. > I'm -1 on this. > > I'm really concerned that GitHub will eventually limit ASF projects. > > I don't see why we need to fuzz every commit or PR. A complete waste of electricity, water, human time analysing the results. Hi @pjfanning, Thank you for your feedback, I do understand your concerns regarding CI resource usage and environmental impact. Proposed Compromise: Scoped Automated Fuzzing Instead of running on every commit, the workflow has been updated to use strictly scoped path filtering. It will now only trigger if changes are made to core logic in: poi/src/main/java/** poi-ooxml/src/main/java/** poi-scratchpad/src/main/java/** poi-fuzz/src/main/java/** so changes to documentation, tests, build scripts (Gradle/Ant), and examples will not trigger the fuzzer. Additionally: Strict 10-minute cap: The run is truncated to exactly 600 seconds. It is just a smoke test to catch regressions early, not a long-running process, so clfuzz reports crashes only during that specific pr Low Impact: This is a small fraction of the total CI time compared to the full build and test suite, but provides a critical security safety net. we can still reduce the scope further if needed. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
