Bug 198691

Summary: Review Request: steghide - A Steganography Program
Product: [Fedora] Fedora Reporter: Jochen Schmitt <jochen>
Component: Package ReviewAssignee: Chris Weyl <cweyl>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Package Reviews List <fedora-package-review>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: panemade
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-07-24 15:13:10 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 163779    

Description Jochen Schmitt 2006-07-12 20:15:31 UTC 
Spec: http://www.herr-schmitt.de/pub/steghide/steghide.spec
SRPM: http://www.herr-schmitt.de/pub/steghide/steghide-0.5.1-1.src.rpm

Steghide is a steganography program that is able to hide data in various kinds
of image- and audio-files. The color- respectivly sample-frequencies are not
changed thus making the embedding resistant against first-order statistical
tests. Features of steghide include compression and encryption of embedded
data,

embedding of a checksum to verify the integrity of the extracted data and
support for jpeg, bmp, wav and au files.
Comment 1 Parag AN(पराग) 2006-07-13 19:01:29 UTC 
== Not an official review as I'm not yet sponsored ==
   Mock build for development i386 is sucessfull with warnings 
CvrStgObject.h:40: warning: 'class CvrStgObject' has virtual functions but
non-virtual destructor
MCryptPPTest.cc: In member function 'bool MCryptPPTest::genericTestDecryption()':
MCryptPPTest.cc:47: warning: control reaches end of non-void function
MCryptPPTest.cc: In member function 'bool MCryptPPTest::genericTestEncryption()':
MCryptPPTest.cc:43: warning: control reaches end of non-void function


* MUST Items:
      - rpmlint shows no error. 
      - dist tag is present.
      - The package is named according to the Package Naming Guidelines.
      - The spec file name matching the base package steghide, in the
format steghide.spec.
      - This package meets the Packaging Guidelines.
      - The spec file for the package MUST be legible.
      - The package is licensed with an open-source compatible license GPL.
      - This package includes License file COPYING.
      - This source package includes the text of the license in its own file,and
that file, containing the text of the license for the package is included in %doc.
      - The sources used to build the package matches the upstream source,
as provided in the spec URL. md5sum is correct (5be490e24807d921045780fd8cc446b3)
      - This package successfully compiled and built into binary rpms for i386
architecture.
      - This package did not containd any ExcludeArch.
      - This package handled locales properly. This is done by using the
%find_lang macro. Not used %{_datadir}/locale/*.
      - This package owns all directories that it creates. 
      - This package did not contain any duplicate files in the %files
listing.
      - This package  have a %clean section, which contains rm -rf
$RPM_BUILD_ROOT.
      - This package used macros.
      - Document files are included like README.
      - Package did NOT contained any .la libtool archives.

Also,
      * Source URL is present and working.
      * BuildRoot is correct BuildRoot:       
%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
      * BuildRequires is correct
      * Package is working fine on i386.
Comment 2 Paul Howarth 2006-07-13 19:48:48 UTC 
Bug appears to have been closed by mistake
Comment 3 Chris Weyl 2006-07-21 04:04:54 UTC 
Parag:

Good first pass at a review.  Note that compiler warnings like that are
generally disregarded for the purposes of review, unless it's something
_serious_ or correctable on our end.  But, that being said, when in doubt, note it.

The MUSTs are good places to start for reviews, as you've discovered...  I
encourage you to look at the other templates people are using (or patently
stealing, like me <grin>).  Keep it up, you're improving each time around.

Jochen:

I'd recommend addressing the rpmlint warning below as it's a lot of visual
spam otherwise, but it's not a blocker.

+ package meets naming and packaging guidelines.
+ specfile is properly named, is cleanly written and uses macros consistently.
+ dist tag is present.
+ build root is correct.
+ license field matches the actual license.
+ license is open source-compatible.  License text included in package.
+ source files match upstream:
 5be490e24807d921045780fd8cc446b3  steghide-0.5.1.tar.gz
 5be490e24807d921045780fd8cc446b3  steghide-0.5.1.tar.gz.srpm
+ latest version is being packaged.
+ BuildRequires are proper.
+ package builds in mock (5+devel/x86_64).
+ rpmlint is silent on binary package
O rpmlint issues warming on source package (ignorable)
W: steghide setup-not-quiet
+ final provides and requires are sane:
 steghide-0.5.1-1.fc5.x86_64.rpm
 == provides
 steghide = 0.5.1-1.fc5
 == requires
 libc.so.6()(64bit)
 libgcc_s.so.1()(64bit)
 libgcc_s.so.1(GCC_3.0)(64bit)
 libjpeg.so.62()(64bit)
 libm.so.6()(64bit)
 libm.so.6(GLIBC_2.2.5)(64bit)
 libmcrypt.so.4()(64bit)
 libmhash.so.2()(64bit)
 libstdc++.so.6()(64bit)
 libstdc++.so.6(CXXABI_1.3)(64bit)
 libstdc++.so.6(CXXABI_1.3.1)(64bit)
 libstdc++.so.6(GLIBCXX_3.4)(64bit)
 libz.so.1()(64bit)
+ no shared libraries are present.
+ package is not relocatable.
+ owns the directories it creates.
+ doesn't own any directories it shouldn't.
+ no duplicates in %files.
+ file permissions are appropriate.
+ %clean is present.
+ %check is present and all tests pass:
+ no scriptlets present.
+ code, not content.
+ documentation is small, so no -docs subpackage is necessary.
+ %docs are not necessary for the proper functioning of the package.
+ no headers.
+ no pkgconfig files.
+ no libtool .la droppings.
+ not a GUI app.
+ not a web app.

APPROVED