David Benjamin
David Benjamin
Can the phrase "proof of concept" be removed before then? We were asked to adopt this project but the documentation made it extremely difficult to have confidence that we could...
Any news on this?
That is... unfortunate. BoringSSL started using this because some downstream project told us it was required. I was led to believe this was the new preference for Bazel modules. Is...
That would not be acceptable to us, no. Unfortunately, that is not the reality of how these data sources are consumed. No matter how much weighting you apply, if the...
Ah yeah, I guess I filed this as a thing for OSV to notify project owners, and that may not be the best option. (I filed a lot of bugs...
Well, it's a little subtle because OSV is interpreting OSS-Fuzz data in a way that does not match reality. Whether explicitly designed as such or not, OSS-Fuzz is set up...
> Hopefully, by adding some metadata to indicate an OSS-Fuzz entry is fully automated and had zero human triage, we can address some of the concerns around quality. On the...
That's already how they're marked, isn't it? https://github.com/C2SP/wycheproof/blob/main/testvectors_v1/rsa_oaep_misc_test.json#L7823-L7836
Related: https://github.com/whatwg/fetch/issues/1789
(Some years ago, before Fiat outputted nice standalone files, Andres and I tried this and we instead crashed MSVC. But that was an older MSVC and Fiat's output has since...