Andrew Pollock
> nudge the user towards making a pull request against the source data

- [Malicious Packages](https://github.com/ossf/malicious-packages?tab=readme-ov-file)
- [OSS Fuzz](https://github.com/google/oss-fuzz-vulns)
- [PyPA](https://github.com/pypa/advisory-database)
- [R](https://github.com/RConsortium/r-advisory-database)

all expressly invite pull requests, but deep...
https://github.com/google/osv.dev/blob/master/docker/worker/oss_fuzz.py is where the action is
@jonathanmetzman are you able to provide any insights here into what happens from OSS-Fuzz's side?
@jonathanmetzman are you able to confirm that a request to bisect the fixed version was made from OSS-Fuzz? We have no evidence of one ever being received. Is it possible...
Hey @davidben Could you describe what your current user journey looks like, and what an appropriately lightweight one could look like?
Brilliant, thanks for all this detail, it's very helpful.

> 4\. When OSV gets it wrong

So based on https://github.com/google/oss-fuzz-vulns/pull/37 being how to correct things, I think it's fair to...
This discrepancy is something that in the short-term needs to be documented in the FAQ and longer-term needs to be fixed in our exporter (#2329 touches on this a little...
I think that with [recent work that @hogo6002 did to make adjustments to how our exporting works](https://groups.google.com/g/osv-discuss/c/V7ZSZEMewGA) we may be able to almost call this "done". I think a review...
Actually @hogo6002 already made the necessary documentation changes in #2784 so I think we can call this done.
Confirmed that 1dd2685dcc735496d7adde87ac60b9434ed4a04c is tagged as 1.30.1:

```
$ git ls-remote https://github.com/mirror/busybox | fgrep 1dd2685dcc735496d7adde87ac60b9434ed4a04c
1dd2685dcc735496d7adde87ac60b9434ed4a04c refs/heads/1_30_stable
1dd2685dcc735496d7adde87ac60b9434ed4a04c refs/tags/1_30_1
```

Confirmed that querying for 1dd2685dcc735496d7adde87ac60b9434ed4a04c only returns CVE-2023-39810 and not...