Binary test cases are sketchy because they can be vectors for phishing and other malware. Lets strongly hint that source bases tests are preferred and binaries should have their provenance declared.
Suggested-by: Peter Maydell <[email protected]> Reviewed-by: Daniel P. Berrangé <[email protected]> Message-ID: <[email protected]> Signed-off-by: Alex Bennée <[email protected]> --- .gitlab/issue_templates/bug.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.gitlab/issue_templates/bug.md b/.gitlab/issue_templates/bug.md index 53a79f58284..e20f586008d 100644 --- a/.gitlab/issue_templates/bug.md +++ b/.gitlab/issue_templates/bug.md @@ -55,6 +55,10 @@ https://www.qemu.org/contribute/security-process/ <!-- Attach logs, stack traces, screenshots, etc. Compress the files if necessary. If using libvirt, libvirt logs and XML domain information may be relevant. + +If attaching binary test cases you should describe where they were obtained +from, preferably linking to the original source. We greatly prefer test cases in +the form of source code that can be audited before compiling by the engineer. --> <!-- -- 2.47.3
