Bug 1334611

Summary: Review Request: python-cvss - CVSS2/3 library with interactive calculator
Product: [Fedora] Fedora Reporter: pjp <pj.pandit>
Component: Package ReviewAssignee: Igor Gnatenko <ignatenko>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: rawhideCC: mail, package-review, vkrizan
Target Milestone: ---Flags: ignatenko: fedora-review+
Target Release: ---   
Hardware: All   
OS: All   
URL: https://github.com/skontar/cvss
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-09-08 21:15:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description pjp 2016-05-10 07:22:06 UTC
Hello,

Please see:
    SPEC: https://pjp.fedorapeople.org/python-cvss.spec
    SRPM: https://pjp.fedorapeople.org/python-cvss-1.2-1.fc23.src.rpm
    Koji: http://koji.fedoraproject.org/koji/taskinfo?taskID=13991143

It is a python package that provides utilities to calculate CVSS v2/v3 scores for security vulnerabilities. It caters to both Python v2 and v3.

    Cvss -> https://www.first.org/cvss

Could someone please review it?

Comment 1 Fabian Affolter 2016-05-11 07:55:05 UTC
Just a couple of comments:

- The Group: tag is unnecessary.
- Why not use releases (https://github.com/skontar/cvss/releases) instead of commits?
- Please remove the travis section from the description.
- Consider to build a py2 and a py3 package.
- Please follow https://fedoraproject.org/wiki/Packaging:Python

Comment 2 Fabian Affolter 2016-05-14 13:40:56 UTC
BTW, the reviewer should set the flags not the reporter.

Comment 4 Igor Gnatenko 2016-08-17 13:22:27 UTC
You build from git checkout, but you still have release version. Or change release to respect shortcommit or remove commit hashes and build released version.

> Summary:        CVSS2/3 library with interactive calculator for Python 2 & 3
Summary:        CVSS2/3 library with interactive calculator

> BuildRequires:  python-setuptools
BuildRequires: python2-setuptools
BuildRequires: python3-setuptools

* %{_bindir}/cvss_calculator should be referenced only from python3 version
* Use %{summary} from subpackages to not duplicate text

Comment 5 pjp 2016-08-17 15:53:12 UTC
Hello Igor,

(In reply to Igor Gnatenko from comment #4)
> You build from git checkout, but you still have release version. Or change
> release to respect shortcommit or remove commit hashes and build released
> version.

  It is a released version. The commit hash is used for the tarball because rpmlint(1) complains about resolving github release URLs like below

  https://github.com/skontar/cvss/archive/v1.2.tar.gz

It does not have package name in it. It is a known issue.

Please see:
 -> https://fedoraproject.org/wiki/Packaging:SourceURL?rd=Packaging/SourceURL

 
> > Summary:        CVSS2/3 library with interactive calculator for Python 2 & 3
> Summary:        CVSS2/3 library with interactive calculator

  Okay.
 
> > BuildRequires:  python-setuptools
> BuildRequires: python2-setuptools
> BuildRequires: python3-setuptools

  Okay.

> * %{_bindir}/cvss_calculator should be referenced only from python3 version

  Wouldn't it be required with python 2.x version ?

> * Use %{summary} from subpackages to not duplicate text

  Okay.

Thank you so much.

Comment 6 Igor Gnatenko 2016-08-17 15:56:02 UTC
(In reply to pjp from comment #5)
> Hello Igor,
> 
> (In reply to Igor Gnatenko from comment #4)
> > You build from git checkout, but you still have release version. Or change
> > release to respect shortcommit or remove commit hashes and build released
> > version.
> 
>   It is a released version. The commit hash is used for the tarball because
> rpmlint(1) complains about resolving github release URLs like below
> 
>   https://github.com/skontar/cvss/archive/v1.2.tar.gz
> 
> It does not have package name in it. It is a known issue.
-> %{url}/archive/v%{version}/%{srcname}-%{version}.tar.gz
> 
> Please see:
>  -> https://fedoraproject.org/wiki/Packaging:SourceURL?rd=Packaging/SourceURL
> 
>  
> > > Summary:        CVSS2/3 library with interactive calculator for Python 2 & 3
> > Summary:        CVSS2/3 library with interactive calculator
> 
>   Okay.
>  
> > > BuildRequires:  python-setuptools
> > BuildRequires: python2-setuptools
> > BuildRequires: python3-setuptools
> 
>   Okay.
> 
> > * %{_bindir}/cvss_calculator should be referenced only from python3 version
> 
>   Wouldn't it be required with python 2.x version ?
Then you should rename it. But if they produce same result you should package only py3 version. So it should go only under python3- subpkg.
> 
> > * Use %{summary} from subpackages to not duplicate text
> 
>   Okay.
> 
> Thank you so much.

Comment 10 Igor Gnatenko 2016-08-24 11:14:28 UTC
> %global summary CVSS2/3 library with interactive calculator
define it in Summary tag, and it will still work

Comment 11 Gwyn Ciesla 2016-08-24 11:45:38 UTC
Package request has been approved: https://admin.fedoraproject.org/pkgdb/package/rpms/python-cvss

Comment 12 Fedora Update System 2016-08-25 07:32:05 UTC
python-cvss-1.3-1.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-02cbbe6305

Comment 13 Fedora Update System 2016-08-25 07:32:13 UTC
python-cvss-1.3-1.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2016-48bee32b94

Comment 14 Fedora Update System 2016-08-25 07:32:18 UTC
python-cvss-1.3-1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-1b23100ecb

Comment 15 Fedora Update System 2016-08-25 09:27:57 UTC
python-cvss-1.3-1.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-48bee32b94

Comment 16 Fedora Update System 2016-08-25 10:28:04 UTC
python-cvss-1.3-1.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-02cbbe6305

Comment 17 Fedora Update System 2016-08-25 10:31:18 UTC
python-cvss-1.3-1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-1b23100ecb

Comment 18 Fedora Update System 2016-08-26 16:41:57 UTC
python-cvss-1.3-2.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-c8d5d75f85

Comment 19 Fedora Update System 2016-08-26 16:42:04 UTC
python-cvss-1.3-2.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-8a2d144b6e

Comment 20 Fedora Update System 2016-08-27 21:17:33 UTC
python-cvss-1.3-2.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-c8d5d75f85

Comment 21 Fedora Update System 2016-08-27 21:19:22 UTC
python-cvss-1.3-2.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-8a2d144b6e

Comment 22 Fedora Update System 2016-08-31 18:54:20 UTC
python-cvss-1.4-1.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-88e934c10e

Comment 23 Fedora Update System 2016-08-31 18:54:28 UTC
python-cvss-1.4-1.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2016-5fbedde163

Comment 24 Fedora Update System 2016-08-31 18:54:34 UTC
python-cvss-1.4-1.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-6e60fde431

Comment 25 Fedora Update System 2016-08-31 18:54:39 UTC
python-cvss-1.4-1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-7f00da57d6

Comment 26 Fedora Update System 2016-08-31 18:54:45 UTC
python-cvss-1.4-1.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-c54f8c59da

Comment 27 Fedora Update System 2016-09-01 19:52:29 UTC
python-cvss-1.4-1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-7f00da57d6

Comment 28 Fedora Update System 2016-09-01 20:22:03 UTC
python-cvss-1.4-1.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-88e934c10e

Comment 29 Fedora Update System 2016-09-01 20:24:04 UTC
python-cvss-1.4-1.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-5fbedde163

Comment 30 Fedora Update System 2016-09-01 23:47:06 UTC
python-cvss-1.4-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-c54f8c59da

Comment 31 Fedora Update System 2016-09-01 23:47:34 UTC
python-cvss-1.4-1.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-6e60fde431

Comment 32 Viliam Kri┼żan 2016-09-08 08:05:41 UTC
Hello,

Is there a reason why some python files are removed for Fedora 22 and less?:
```
rm $RPM_BUILD_ROOT%{python2_sitelib}/cvss/cvss3.py*
rm $RPM_BUILD_ROOT%{python2_sitelib}/cvss/constants3.py*
```

These should be regular python modules for CVSSv3. Maybe it was mistaken for python 3 support (?).

Comment 33 Fedora Update System 2016-09-08 21:15:38 UTC
python-cvss-1.4-1.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.

Comment 34 Fedora Update System 2016-09-16 23:21:30 UTC
python-cvss-1.4-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 35 Fedora Update System 2016-09-17 04:16:03 UTC
python-cvss-1.4-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.

Comment 36 Fedora Update System 2016-09-17 04:18:18 UTC
python-cvss-1.4-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.

Comment 37 Fedora Update System 2016-09-17 19:20:22 UTC
python-cvss-1.4-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.