google
oss-fuzz-bot files issues with no info
I'm coming from systemd/systemd#29736.
The issue subject is not very descriptive and the initial comment contains links to other systems that I cannot access (bug.chromium.org -> (Gmail account) -> "Permission denied", oss-fuzz.com -> (Github account) -> "not authorized to access this page").
So there is not much a member of systemd community can do with such a report. Could the issue subject be more descriptive (filename?) and body contain some real information (stacktrace?) so that such issues can be triaged without logging in into various additional systems?
You can see the detailed reports if your email is on this list: https://github.com/google/oss-fuzz/blob/4ac6dec6884166efa4008cdd5ac02fb422445668/projects/systemd/project.yaml#L14-L28 -- if your email isn't on it then this is the reason you see the "not authorized" message. Please add your email to the list in a PR and tag the maintainers of the project so we have confirmation you're good to see the detailed reports (I think @evverx is usually doing a lot of the management of systemd's OSS-Fuzz integration).
@Werkov I can add your email address to that list. It should be a gmail address due to https://google.github.io/oss-fuzz/faq/#why-do-you-require-a-google-account-for-authentication though.
The issue subject is not very descriptive and the initial comment contains links to other systems that I cannot access
OSS-Fuzz generally follows https://google.github.io/oss-fuzz/getting-started/bug-disclosure-guidelines/ so all the bug reports and backtraces are hidden by default. I think it is discussed in https://github.com/google/oss-fuzz/issues/8921 but it affects projects where bug reports have been made public explicitly.
FWIW looking at https://github.com/google/oss-fuzz/issues/10637 I think OSS-Fuzz should really start saying that contributors should contact projects to get access.
Ideally it would be great if https://github.com/google/oss-fuzz/issues/8965 was implemented though.