On Mon, 11 May 2026 at 16:56, Alex Bennée <[email protected]> wrote: > > Binary test cases are sketchy because they can be vectors for phising
"phishing" > and other malware. Lets strongly hint that source bases tests are > preferred and binaries should have their provenance declared. > > Suggested-by: Peter Maydell <[email protected]> > Signed-off-by: Alex Bennée <[email protected]> > --- > .gitlab/issue_templates/bug.md | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/.gitlab/issue_templates/bug.md b/.gitlab/issue_templates/bug.md > index 53a79f58284..cdb7ac1fe72 100644 > --- a/.gitlab/issue_templates/bug.md > +++ b/.gitlab/issue_templates/bug.md > @@ -55,6 +55,10 @@ https://www.qemu.org/contribute/security-process/ > <!-- > Attach logs, stack traces, screenshots, etc. Compress the files if necessary. > If using libvirt, libvirt logs and XML domain information may be relevant. > + > +If attaching binary test cases you should describe where they where obtained "were" > +from preferably linking to the original source. We greatly prefer test cases > in "from, " > +the form of source code that can be audited before compiling by the engineer. > --> thanks -- PMM
