On Tue, May 09, 2017 at 11:12:24AM +0200, Michal Privoznik wrote: > On 05/09/2017 11:01 AM, Daniel P. Berrange wrote: > > On Fri, Mar 31, 2017 at 10:23:33AM +0200, Peter Krempa wrote: > >> On Fri, Mar 31, 2017 at 03:57:41 -0400, Dan wrote: > >>> Hi all, > >>> > >>> I have seen libxml2 has already been added as a project in oss-fuzz [1]. > >>> Any idea about libvirt? While we could do our own fuzzing of some form, do > >>> we want to also try it out using google's free resource? > >> > >> The oss-fuzz project requires you to integrate the project with > >> the libfuzz fuzzer in the first place so you have to make it run locally > >> first anyways. > >> > >> Doing it on the oss-fuzz project is still the step after that. > > > > FYI, google is now offering rewards to projects that integrate > > with oss-fuzz > > > > "To qualify for these rewards, a project needs to have a large > > user base and/or be critical to global IT infrastructure. > > Eligible projects will receive $1,000 for initial integration, > > and up to $20,000 for ideal integration (the final amount is > > at our discretion). You have the option of donating these > > rewards to charity instead, and Google will double the amount." > > > > I'd like to think libvirt qualifies under "large user base" and > > "critical to global IT" given prevelance of the cloud these days, > > but no guarantees > > > > https://opensource.googleblog.com/2017/05/oss-fuzz-five-months-later-and.html > > Right. I've read this on G+ during the weekend. And now that we have > accepted a student for the fuzzing GSoC project, we can work towards > that goal. > > > > > Not that libvirt really has any current need for monetary funds. If it ever > > came to pass, we could just have a poll amongst active contributors to > > vote on suggestions of what todo with it (donate it, spend it, fund something, > > etc). > > I don't know any details, but I know from the past that receiving money > for orgs wasn't trivial (at least for GSoC). We had to have an law > entity that covers the project. Since there was none, we donated our > mentor money to Tor foundation. But it has changed a while ago (again, > at least for GSoC), so maybe we are eligible to receive money after all. Yep, just telling Google to donate it directly to a charity of our choosing would probably end up being the simplest option from a legal pov, as it would avoid us handling it at all. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
