Fix fuzz_builtin_int fuzzer reproducibility

[StanFromIreland]

While trying to reproduce https://oss-fuzz.com/testcase-detail/6342648498814976, I realised we are randomising the base, even for the same testcase. I propose we instead use the first byte, so as to ensure reproducibility.

[StanFromIreland]

Requesting @python/fuzzers.

This was not done automatically, because per the error:

Unknown owner on line 135: make sure the team @python/fuzzers exists, is publicly visible, and has write access to the repository

@python/organization-owners, can you please add it to the team to fix this?

[coderanger]

@StanFromIreland Can you confirm everyone on the team already has write access? (I can diff permissions later if you are unsure)

[StanFromIreland]

@coderanger, "write access" doesn’t actually give write access in CPython (e.g., this is the level it is for the triage team: https://github.com/orgs/python/teams/python-triage/repositories).

[coderanger]

I did try adding at triage but that didn't make the CODEOWNERS validation happy :) Might have just been some stuck caching though?

[ammaraskar]

Aah whoops, good catch. Yeah, the intention was to use a stable hash function here. Using byte 0 works as well.

[hugovk]

When the code owner is a team, that team must be visible and it must have write permissions, even if all the individual members of the team already have write permissions directly, through organization membership, or through another team membership.

https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners

https://github.com/orgs/python/teams/fuzzers/repositories?type=source shows "Role: Write", so that should be okay.

Visibility:

❯ gh api orgs/python/teams/fuzzers --jq '{privacy: .privacy}'
{
  "privacy": "closed"
}

To change it, an admin can go to https://github.com/orgs/python/teams/fuzzers/edit > select visible:

[ammaraskar]

Backports not needed, cpython3 fuzzers only run against main branch.

[coderanger]

@hugovk That doesn't match what I see in the team settings:

It seems like the main issue is everyone on the team needs write access to this repo. Is that okay /cc @sethmlarson

I am happy to push the buttons, just making sure I'm not accidentally also making access policy decisions by fiat :)

[sethmlarson]

Hm, that is unfortunate because there are triagers on the team. I didn't think that having mixed permissions would make GitHub unhappy (because it's okay if only certain members of @python/fuzzers can review/merge). I'm not quite sure what the best route is to resolve this, have there been teams that have run into this in the past?

[sethmlarson]

Okay, @StanFromIreland has showed me that the @python/python-triagers group has write permissions for python/cpython anyway: https://github.com/orgs/python/teams/python-triage/repositories

So we should be totally fine to add write to this GitHub team. @coderanger / @hugovk can you click the buttons here, I am unable to I believe.

[hugovk]

I don't have org admin to click those particular buttons.

---

Visibility:

❯ gh api orgs/python/teams/fuzzers --jq '{privacy: .privacy}'
{
  "privacy": "closed"
}

Ha, this is because "closed" really means "visible to all members of this organization", and the other option is "secret" meaning "only visible to organization owners and members of this team" 🙃

https://docs.github.com/en/rest/teams/teams?apiVersion=2026-03-10

[coderanger]

Team added to permissions, looks happy now :) For maximum paranoia (and because I had time to check) I did personally confirm everyone in the fuzzers team already has write access through another team.

[StanFromIreland]

It works, I tested on #145942, and, I still can't merge:-) Thanks Noah!