Bug 2415237

Summary: Review Request: skipfish - Web application security scanner
Product: [Fedora] Fedora Reporter: Michal Ambroz <rebus>
Component: Package ReviewAssignee: Phil Wyett <philip.wyett>
Status: ASSIGNED --- QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: athmanem, package-review, philip.wyett, rebus
Target Milestone: ---Flags: philip.wyett: fedora-review+
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Michal Ambroz 2025-11-16 05:57:27 UTC 
Spec URL: https://rebus.fedorapeople.org/skipfish.spec
SRPM URL: https://rebus.fedorapeople.org/skipfish-2.10-0.24.b.fc42.src.rpm

Description:
High-performance, easy, and sophisticated Web application security testing
tool. It features a single-threaded multiplexing HTTP stack, heuristic
detection of obscure Web frameworks, and advanced, differential security
checks capable of detecting blind injection vulnerabilities, stored XSS,
and so forth.

Fedora Account System Username: rebus
Comment 1 Michal Ambroz 2025-11-16 05:59:45 UTC 
Hello,
using the patches from debian/kali I would like to revive in Fedora a skipfish package, which I was previously maintaining.

Scratchbuild is here https://koji.fedoraproject.org/koji/taskinfo?taskID=138955541

Michal Ambroz
Comment 2 Fedora Review Service 2025-11-16 06:02:20 UTC 
Copr build:
https://copr.fedorainfracloud.org/coprs/build/9802157
(succeeded)

Review template:
https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2415237-skipfish/fedora-rawhide-x86_64/09802157-skipfish/fedora-review/review.txt

Found issues:

- pcre-devel is deprecated, you must not depend on it.
  Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/deprecating-packages/
- License file COPYING is not marked as %license
  Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/LicensingGuidelines/#_license_text
- A package with this name already exists. Please check https://src.fedoraproject.org/rpms/skipfish
  Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/Naming/#_conflicting_package_names

Please know that there can be false-positives.

---
This comment was created by the fedora-review-service
https://github.com/FrostyX/fedora-review-service

If you want to trigger a new Copr build, add a comment containing new
Spec and SRPM URLs or [fedora-review-service-build] string.
Comment 3 Michal Ambroz 2025-11-17 00:13:44 UTC 
Spec URL: https://rebus.fedorapeople.org/skipfish.spec
SRPM URL: https://rebus.fedorapeople.org/skipfish-2.10-0.25.b.fc42.src.rpm

> - License file COPYING is not marked as %license
truth - fixed

> - A package with this name already exists. Please check https://src.fedoraproject.org/rpms/skipfish
yes package exists and I am the package owner. It was FTPBFS for some time due to changes in gcc.
I managed to make it compile again with couple of patches from debian/kali.

> - pcre-devel is deprecated, you must not depend on it.
next thing I will be working on
For now - this is not a new dependency for this package, I hope it is not blocker for this package to be re-approved.
Comment 4 Phil Wyett 2026-03-23 19:45:30 UTC 
Hi,

This package has never come out of beta and the last release was December 2012. What is the motivation for resurrecting a long unmaintained package?

Regards

Phil
Comment 5 Michal Ambroz 2026-03-30 09:29:34 UTC 
Hello,
> This package has never come out of beta and the last release was December 2012.
> What is the motivation for resurrecting a long unmaintained package?
It still works great even after those years. 
It is free, open-source and fast. It works from commandline and you can easily feed it with your custom dictionaries.

It is still relevant tool and there are still new people doing reviews and howtos about it:
https://www.youtube.com/results?search_query=skipfish&sp=EgQIBVgD

Michal Ambroz
Comment 6 Phil Wyett 2026-03-30 12:39:13 UTC 
Hi,

Package looks good.

I do hope you take this package and move upstream to another provider such as GitHub and become the default upstream project.

Your first task after getting back into Fedora will be to move swifly away from 'pcre-devel'.

I am happy and will mark the package as '+' ans hopeyou can bring this package up to date with a shriving community.

As a 'packager' will now be able to import your srpm etc.

Regards

Phil