On Mon, May 11, 2026 at 05:17:57PM +0100, Alex Bennée wrote:
> Binary test cases are sketchy because they can be vectors for phishing
> and other malware. Lets strongly hint that source bases tests are
> preferred and binaries should have their provenance declared.
>
> Suggested-by: Peter Maydell <peter.maydell@linaro.org>
> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
>
> ---
> v2
> - typos
> ---
> .gitlab/issue_templates/bug.md | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/.gitlab/issue_templates/bug.md b/.gitlab/issue_templates/bug.md
> index 53a79f58284..e20f586008d 100644
> --- a/.gitlab/issue_templates/bug.md
> +++ b/.gitlab/issue_templates/bug.md
> @@ -55,6 +55,10 @@ https://www.qemu.org/contribute/security-process/
> <!--
> Attach logs, stack traces, screenshots, etc. Compress the files if necessary.
> If using libvirt, libvirt logs and XML domain information may be relevant.
> +
> +If attaching binary test cases you should describe where they were obtained
> +from, preferably linking to the original source. We greatly prefer test cases in
> +the form of source code that can be audited before compiling by the engineer.
> -->
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
With regards,
Daniel
--
|: https://berrange.com ~~ https://hachyderm.io/@berrange :|
|: https://libvirt.org ~~ https://entangle-photo.org :|
|: https://pixelfed.art/berrange ~~ https://fstop138.berrange.com :|