On Fri, May 30, 2025 at 10:52 PM Neal Gompa <ngomp...@gmail.com> wrote:
> On Fri, May 30, 2025 at 5:54 AM Albert Astals Cid <aa...@kde.org> wrote: > > > > We are trying to move most of the oss-fuzz related files to our reops > instead > > of being in https://github.com/google/oss-fuzz/ > > > > This will allow us to not have to depend on other people to merge > changes in > > them which sometimes creates a bit of friction. > > > > The problem is that those files are licenses under Apache 2 which is not > > mentioned in https://community.kde.org/Policies/Licensing_Policy > > > > I would like to propose that we add a point 18 to the policy that says > > > > 18. Files involved in the oss-fuzz tooling can be licensed under the > Apache > > License 2.0 > > > > Comments? > > > > Please see > > https://invent.kde.org/frameworks/karchive/-/merge_requests/125/diffs > > for one of the various places we would use it. > > > > Why not maintain our own oss-fuzz repo where all this is contained? > The karchive MR seems to pollute the project with weird binary files > and such. I'd rather those not be in the repo. > Those binary files are not too different to the ones at autotests/data/ already and which are used in our unit tests. Given that precedent I don't see any issue with including those files to support the fuzzer. > > > -- > 真実はいつも一つ!/ Always, there's only one truth! > Thanks, Ben
