Re: Bug#465204: ITP: fusil -- Fuzzing program to test applications

On Mon, Feb 11, 2008 at 09:46:48AM +0100, Pierre Chifflier wrote:

> * Package name    : fusil
> * URL             : http://fusil.hachoir.org
>   Description     : Fuzzing program to test applications
>  Fusil project is a fuzzing program for any project type (remote
>  process, fake HTTP server, fuzz network socket, etc.). Fusil
>  implementation is based on multi-agent system architecture.
>  Fusil is able to crash ClamAV, Image Magick, libc printf(),  Mplayer,
>  PHP, RPM, xterm, libc gettext, libc environment variables, libpoppler
>  (pdf), vim, etc

The description is very unclear to me. After looking at the Fusil
website, I have some understanding of what fusil does.  It is not a
stand-alone program like fuzz or zzuf that work directly with any
program. It rather is a framework that allows you to write Python
scripts that specifically target a certain program. You should mention
that in the long description.

The part about the implementation being based on a multi-agent system
architecture is not useful information. "multi-agent" is a bit of a
buzzword that can mean many things. Furthermore, it is not useful for a
user of a program to know whether it is implemented in C, with a
multi-agent system or with bananas.

The list of programs and libraries that Fusil can crash will change over
time, since the whole point of Fusil is to find bugs so one can fix
them. If you want to mention it, change the sentence to the past or
perfect tense, like "Fusil was able to..." or "Fusil has been used

Met vriendelijke groet / with kind regards,
      Guus Sliepen <guus@debian.org>
