On Fri, 5 Nov 2021, William Bader wrote:
> The poppler developers have a private place where they keep a list of reported fuzzing issues so that the developers can let the issues sit around until someone has time without having them visible on a public list. Is it possible to make a private tiff area where bots can send reports?
I am not so sure that having the reports exposed in public is a problem. The problem is that there will be a great many reports, with few people having the time and energy to work on them.
The oss-fuzz project is another source of public reports (e.g. https://bugs.chromium.org/p/oss-fuzz/issues/list?q=libtiff&can=1) and that project makes issues public in 90 days (or less).
Reports without sufficient volunteers to deal with them seems to be the problem.
Bob
--
Bob Friesenhahn
[email protected], http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
Public Key, http://www.simplesystems.org/users/bfriesen/public-key.txt
_______________________________________________
Tiff mailing list
[email protected]
https://lists.osgeo.org/mailman/listinfo/tiff
