David Benjamin
Automating vulnerability reports from OSS-Fuzz is great, but the unfortunate fact is that OSS-Fuzz is very noisy. It's quite frequent that infrastructure changes cause false positives (see https://github.com/google/oss-fuzz/issues/11881). Prior to...
OpenSSL advisories used to be available at https://www.openssl.org/news/secadv/20240627.txt. These URLs are archived everywhere, from [emails](https://mta.openssl.org/pipermail/openssl-announce/2024-June/000311.html), [CVE trackers](https://nvd.nist.gov/vuln/detail/CVE-2024-5535), and no doubt countless other sources. OpenSSL's recent restructuring seems to have broken...
We recently regressed some handling of invalid Location headers in Chrome. In digging into that, I noticed the Fetch spec doesn't really match browsers here. I should also note I'm...
### What happened? When I was writing some tooling over BCR (Publish to BCR did not [meet our needs](https://github.com/bazel-contrib/publish-to-bcr/issues/157)), I needed to emit a JSON file for `//tools:add_module`. While the...
### What happened? When using the `//tools:add_module` tool in the bazel-central-registry, it asks if I would like to supply a `MODULE.bazel` file. Since the project I work on is trying...
The documentation for rules_license says: > Proof of concept. License restriction. https://bazelbuild.github.io/rules_license/latest.html That seems to suggest this is not yet ready for general use, but Bazel's documentation already suggests using...
I was going to leave this as a comment to #1426, but that is about making HSTS use a synthesized redirect, and this is about a DNS-level upgrade: For HTTPS-RR,...
Filing this to remember to make a note of it. Unless someone beats me to it, I'll probably put something together, at least for the seed-based ones, as part of...
When writing some test vectors, I noticed that the JSON formatting is a bit uneven. It looks like the original Wycheproof test put a space _before_ the `:` in JSON...
The schema docs say things like: > Pem encoded public key > Pem encoded private key The format is called PEM, not Pem. I guess the types do the camel-case...