We have a request from someone to join the WG. I don't know who they are, or what the policy around that should be: https://github.com/rust-lang/team/pull/103#issuecomment-527554952
guess I should look into how the other WGs handle this sort of thing
anyone know this person?
Nope, not me
Nope. Apparently we have a mutual contact on linkedin but I can't see who
Uh, I guess I'd reply that participation in WG doesn't require being on that list, and tell them to come hang out with us on Zulip?
Is that team info actually surfaced anywhere other than an obscure toml file?
On the site. Let me find the link....
OK, I know what I'm putting on my resume now :joy:
Why is the title of that page 'Unknown localization governance-team-wg-secure-code-name …' though on my end?
I think that's a bug in localization (cc @Florian Gilcher, I think?)
You've earned it. Too many times when I'm fuzzing and think I found something new I go to the GitHub page and see your user icon and go "oh damn". You are busy
FWIW I haven't done any fuzzing in a while. You can find new bugs simply by running existing fuzzing harnesses on libs.
Although the situation with continuous fuzzing is improving - fuzzit.dev has easy Rust integration now
not sure if anyone's figured out Google's OSS-fuzz yet
Yeah same. I took a break to rewrite the rust fuzzing book. Unfortunately I got derailed from that goal. That's going to be where I pick up when I get back though
I'm really stoked for someone adapting https://github.com/AngoraFuzzer/Angora for Rust. The thing is, the fuzzer is written in Rust but it uses older LLVM so it can't fuzz Rust code yet
The docs in there are a bit light but a great start. I wanted to expand on it more and cover other fuzzers, strategies etc. I'll hit y'all up when I get something together to check over it
It looked pretty solid to me actually, just needed "DISABLE ALL CHECKSUMS" in big letters
There are a few other things missing. Like expanding on how to use arbitrary. I had to read through the source to get a handle on it. It still seems weird that fuzzers I had looked at at the time used the ring buffer when generating structs.
Oh if you figure out how to use Arbitrary I'll be eternally grateful. Everyone just throws a ring buffer at it, I decline to do so and just get panics because there is no data in the buffer instead. Both options suck.
Ring buffer potentially sucks less.
It feels like very advanced stuff though, I'm not sure it's in scope for the book even
https://github.com/jakubadamw/arbitrary-model-tests - this is recent and very cool
contains Arbitrary + fuzzers
https://github.com/Eh2406/auto-fuzz-test this is my attempt
Oh, and https://github.com/blt/bughunt-rust also does Arbitrary+fuzzers but in a slightly awkward way
I know I don't really hang out in zulip much (yet), but I would nevertheless like to join this WG. I guess maybe @Shnatsel can vouch for my activity in #black-magic and safety-dance :shrug:
Oh yeah, I can. You can also link plenty of GitHub activity as proof!
@simulacrum yes, can you please report to rust-lang/www.rust-lang.org. It's just not available yet.