I'm packaging American Fuzzy Loop (AFL) a fuzzing tool in Fedora. https://src.fedoraproject.org/rpms/american-fuzzy-lop
This is the upstream we're using: https://lcamtuf.coredump.cx/afl/ https://github.com/google/AFL Upstream is dead. -ish. To be more precise there's some but not a great deal of work going on at this upstream. Original author Michal Zalewski left Google a few years back. However there is a fork called AFL++: https://aflplus.plus/ https://github.com/AFLplusplus/AFLplusplus This fork is certainly a lot more active, and has made some significant improvments. Debian has switched upstreams, or to be more precise (again) they have added a new afl++ package, and created a transitional package to replace the original afl which if I'm understanding things correctly will replace afl with afl++ on upgrades: https://packages.debian.org/sid/afl Anyway I'm wondering if we should switch upstreams. I think if the old upstream was truly dead then I wouldn't even bother asking. It's because old upstream is still making occasional releases that the problem arises. If we switch it's likely that we won't easily be able to go back. On the "pro-switch" side, Google themselves seem to have switched to AFL++ for their hosted OSS-Fuzz service, if I'm reading this page right: https://google.github.io/oss-fuzz/ I would like to do this without re-reviewing, ie. just replace the Source/URL and go. If a full review is required then I'll let someone else take over the effort. Thoughts? Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com libguestfs lets you edit virtual machines. Supports shell scripting, bindings from many languages. http://libguestfs.org _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
