On Tue, Feb 6, 2024 at 1:52 PM Jovon Itwaru <jovon.itw...@gmail.com> wrote:
> hey Jakob, thank you so much for your response! > > I think it makes a lot of sense; I know we’re all limited on time. I > myself have a full-time job and a family. I spent a few hours yesterday > looking through how timedate gets formatted with respect to one of the > internationalization issues. if anything else, it was a good way to get the > v8 build set up and start peeking through the code flow. one of the > challenges is that I don’t really know how to submit a CL. > https://v8.dev/docs/contribute You may also want to read more of what you find on v8.dev/docs (and perhaps also v8.dev/blog for additional background on certain features/mechanisms). > obviously I’m not a owner so I can’t take ownership of an issue but I > *would* like to contribute. I just don’t know how to get the component > owner to assign the ticket to themselves and then allow me to work on the > ticket , is there a defined way to do that? I’ve tried to reach out to the > component owners and I am still awaiting a response. > Pragmatically, you can just reply to the bug to say that you're working on it. We don't need to be formal about assignments, we just (in everyone's interest) want to avoid having two people independently work on the same bug, wasting effort. > it’s interesting you bring up vulnerabilities. I have a security > engineering background and work on seceng full-time at my day job, so I’m > always interested in fuzzing and finding security vulns. web assembly has > always interested me so maybe I can take some time fuzzing through that. > however, I imagine that internally you have lots of coverage using your > fuzzing (afl) tools? > We do have fuzzers <https://source.chromium.org/chromium/chromium/src/+/main:v8/test/fuzzer/;l=1?q=v8%2Ftest%2Ffuzzer>, and we also have empirical evidence that they're not finding everything :) Obviously, I cannot tell you exactly what a fuzzer would have to do differently in order to find more issues; if I knew that for sure, I would just write such a fuzzer myself. > in order to demonstrate commitment, would it be worth creating a PR and > emailing the patch to the component owners directly? > Following the Gerrit-based workflow linked above is much better than emailing patches. (In case you're not familiar with Gerrit: you need to both select reviewers (e.g. someone from the OWNERS of the directory you're primarily changing), *and* send out a message asking for review, otherwise the selected reviewers won't get notified. If you run into any trouble, feel free to post a link to the CL here.) > — > Jovon > > On Mon, Feb 5, 2024 at 3:29 AM Jakob Kummerow <jkumme...@chromium.org> > wrote: > >> Hi, both of you, and welcome to V8! If you can help, that is certainly >> appreciated. >> >> That said, V8 has a notoriously steep learning curve, even for those who >> work on it full-time, and even more so for anyone who wants to contribute >> part-time or as a hobby. Probably related to that, the vast majority of >> folks who send "hi, I'm new here, can anyone tell me where to start?" mails >> to this list are never heard from again; which in turn disincentivizes >> those with more experience from spending their precious time on trying to >> help newcomers -- especially considering that work time is an extremely >> limited resource. You'll probably have to prove your commitment before you >> can expect anyone to spend hours mentoring you. In the meantime, maybe you >> can support each other on your ramp-up journey? >> >> Regarding https://github.com/v8/v8.dev/issues: that's the mostly-unused >> tracker for issues with the v8.dev site. The actual V8 issue tracker is, >> for now, at https://bugs.chromium.org/p/v8/issues/list (but I think >> it'll migrate to issues.chromium.org soon). So if you're looking for >> bugs to work on, look there. >> >> One direction you can explore that may be more rewarding is projects that >> treat V8 as opaque (i.e. don't require much knowledge about its internals >> at first), such as fuzzing it (either JS or Wasm). You might even win bug >> bounties for successful finds. If you have other ideas on how to improve >> test coverage (e.g. by adding more tests for code paths that aren't covered >> well, or cleaning up useless tests, or speeding up existing tests without >> reducing their usefulness so that the saved time can be spent on additional >> tests, etc), and time to work on them, that would also be useful. >> >> Good luck, and have fun! >> >> >> On Sat, Feb 3, 2024 at 10:11 PM Ali Raein <alirae...@gmail.com> wrote: >> >>> Hi Jovon. Hope all is well. I was about to write the same email as >>> yours. Thought I check the responses here first. Has anyone reached out to >>> you? I'm new here. Any help would be much appreciated. Thanks, >>> - Ali Raein >>> >>> On Friday, January 19, 2024 at 2:56:58 PM UTC-5 jovon....@gmail.com >>> wrote: >>> >>>> 👋🏾 there! i'm a security engineer and i'd like to learn more about v8 >>>> and start contributing to the project. what do you need help with? i have >>>> the following (1) time to learn + contribute to code/docs/reviews and (2) >>>> several years of security engineering experience. >>>> >>>> i'd love to help out and i looked at a few issues at >>>> https://github.com/v8/v8.dev/issues. does anything jump out to you >>>> that needs help? >>>> >>>> -- >>>> Jovon Itwaru >>>> >>> -- -- v8-dev mailing list v8-dev@googlegroups.com http://groups.google.com/group/v8-dev --- You received this message because you are subscribed to the Google Groups "v8-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to v8-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/v8-dev/CAKSzg3S5xM4vT%3DwVEvPMSX%2BDj_uAiGMWo9Sm9BGSXpamTBmJaQ%40mail.gmail.com.
