Bug 1371340

Summary: Review Request: miniflux - Minimalist web based news reader
Product: [Fedora] Fedora Reporter: Robert Bost <bostrt>
Component: Package ReviewAssignee: Nobody's working on this, feel free to take it <nobody>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: o.lemasle, package-review, rbost
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: Trivial
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-03-30 00:49:09 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 177841    

Description Robert Bost 2016-08-30 00:13:01 UTC 
Spec URL: https://bostrt.fedorapeople.org/miniflux.spec
SRPM URL: https://bostrt.fedorapeople.org/miniflux-1.1.10-1.fc24.src.rpm
Description:

I've created a package for a web based new reader called miniflux. I look forward to a review and any improvement suggestions!

Fedora Account System Username: bostrt

Successful Koji scratch build:
http://koji.fedoraproject.org/koji/taskinfo?taskID=15432310

# rpmlint miniflux.spec 
0 packages and 1 specfiles checked; 0 errors, 0 warnings.
# rpmlint miniflux.spec ../RPMS/noarch/miniflux-1.1.10-1.fc24.noarch.rpm ../SRPMS/miniflux-1.1.10-1.fc24.src.rpm 
miniflux.noarch: W: non-etc-or-var-file-marked-as-conffile /usr/share/miniflux/config.php
miniflux.noarch: W: no-documentation
miniflux.noarch: W: hidden-file-or-dir /usr/share/miniflux/vendor/fguillot/picofeed/lib/PicoFeed/Rules/.over-blog.com.php
miniflux.noarch: E: htaccess-file /usr/share/miniflux/rules/.htaccess
miniflux.noarch: W: hidden-file-or-dir /usr/share/miniflux/vendor/fguillot/picofeed/lib/PicoFeed/Rules/.blogs.nytimes.com.php
miniflux.noarch: E: htaccess-file /usr/share/miniflux/controllers/.htaccess
miniflux.noarch: E: htaccess-file /usr/share/miniflux/data/favicons/.htaccess
miniflux.noarch: W: hidden-file-or-dir /usr/share/miniflux/vendor/fguillot/picofeed/lib/PicoFeed/Rules/.nytimes.com.php
miniflux.noarch: E: htaccess-file /usr/share/miniflux/fever/.htaccess
miniflux.noarch: W: hidden-file-or-dir /usr/share/miniflux/vendor/fguillot/picofeed/lib/PicoFeed/Rules/.blog.lemonde.fr.php
miniflux.noarch: E: htaccess-file /usr/share/miniflux/models/.htaccess
miniflux.noarch: W: hidden-file-or-dir /usr/share/miniflux/vendor/fguillot/picofeed/lib/PicoFeed/Rules/.igen.fr.php
miniflux.noarch: W: hidden-file-or-dir /usr/share/miniflux/vendor/fguillot/picofeed/lib/PicoFeed/Rules/.wikipedia.org.php
miniflux.noarch: W: hidden-file-or-dir /usr/share/miniflux/vendor/fguillot/picofeed/lib/PicoFeed/Rules/.theguardian.com.php
miniflux.noarch: W: hidden-file-or-dir /usr/share/miniflux/vendor/fguillot/picofeed/lib/PicoFeed/Rules/.wsj.com.php
miniflux.noarch: W: hidden-file-or-dir /usr/share/miniflux/vendor/fguillot/picofeed/lib/PicoFeed/Rules/.slate.com.php
miniflux.noarch: E: htaccess-file /usr/share/miniflux/data/.htaccess
miniflux.noarch: E: htaccess-file /usr/share/miniflux/templates/.htaccess
miniflux.noarch: W: hidden-file-or-dir /usr/share/miniflux/vendor/fguillot/picofeed/lib/PicoFeed/Rules/.phoronix.com.php
miniflux.noarch: E: htaccess-file /usr/share/miniflux/lib/.htaccess
miniflux.noarch: W: hidden-file-or-dir /usr/share/miniflux/vendor/fguillot/picofeed/lib/PicoFeed/Rules/.wired.com.php
2 packages and 1 specfiles checked; 8 errors, 13 warnings.
Comment 1 Robert Bost 2016-08-31 00:49:14 UTC 
Updated default miniflux.conf VHost so that it listens on 127.0.0.1. This is because miniflux ships with default credentials.
Comment 2 Raphael Groner 2017-03-06 19:04:23 UTC 
You need to get sponsored into the packager group to be able to send packages into Fedora repository. Please follow the general guidelines:
https://fedoraproject.org/wiki/How_to_get_sponsored_into_the_packager_group
Comment 3 Olivier Lemasle 2017-03-07 10:26:53 UTC 
This package seems to have some issues (see below). I'm not yet
a maintainer, as I haven't been sponsored, so this comment is unofficial.

- The source tarball includes multiple bundled libraries in the "vendor" directory, like zendframework, picofeed, etc. According to the Fedora Packaging Guidelines, these should not be bundled, as system libraries should be used.

- Config file /usr/share/miniflux/config.php should not be under /usr

- As noted in the rpmlint output, this package includes .htaccess files, which should be replaced by central configuration in /etc/, which is less vulnerable to attack (See https://fedoraproject.org/wiki/Apache_HTTP_Server#Installing_webapps)

Additionally, new releases of Miniflux have been released since the original upload of the SPEC (last: 1.2.1)
Comment 4 Robert Bost 2017-03-08 02:30:19 UTC 
Thanks for the input. I'll proceed with making these adjustments (in addition to updating to latest version).
Comment 5 Robert Bost 2017-03-30 00:49:09 UTC 
Putting this package into Fedora Copr for now. There's quite a bit of work needed to pull out the vendor libs into other packages.

Closing this bz for the time being.