Bug 199611

I'll review this package, but before doing it you have to do some small fixes
in your SPEC file.

 * change License field from Freeware to WTFPL
 * you should include monsterz.score and monster.desktop as another sources,
do not create it in SPEC file
 * please read http://fedoraproject.org/wiki/Extras/SIGs/Games#head-
177dfd094f552a49a7b33ae4c65894ffac8f7853,
according to it, you should change game directory from %{_datadir}/games/%{name}
to %{_datadir}/%{name}

Spec URL: http://dribble.org.uk/reviews/monsterz.spec
SRPM URL: http://dribble.org.uk/reviews/monsterz-0.7.0-5.src.rpm

Thanks, this should fix those issues.

You have to do one more thing. http://fedoraproject.org/wiki/Extras/SIGs/Games
also says that data files should be packaged seperately of main package.
Thus make new -data subpackage and include into it %{_datadir}/%{name} and, for
the main package, make monsterz-data dependency. Take a look on
http://cvs.fedora.redhat.com/viewcvs/*checkout*/rpms/tong/FC-5/
tong.spec?root=extras if you would like to see how should it looks like.

(In reply to comment #3)
> You have to do one more thing. http://fedoraproject.org/wiki/Extras/SIGs/Games
> also says that data files should be packaged seperately of main package.
> Thus make new -data subpackage and include into it %{_datadir}/%{name} and, for
> the main package, make monsterz-data dependency. Take a look on
> http://cvs.fedora.redhat.com/viewcvs/*checkout*/rpms/tong/FC-5/
> tong.spec?root=extras if you would like to see how should it looks like.

It's more important to separate the two when upstream 

Ignore my previous comment.  I hit 'submit' too soon.

Anyway, you might also want to use 'install -p' to preserve the timestamps on
the source files.

I'm also concerned about the setgid scoreboard handling.  To my untrained eye,
it looks secure.  But there might be concurrency issues if multiple users try to
write to the file at the same time.  I don't see any sort of locking to ensure
synchronized access, but then again, the section of code that actually writes to
the file is pretty isolated and short-lived, so it might not be enough to worry
about.

Spec URL: http://dribble.org.uk/reviews/monsterz.spec
SRPM URL: http://dribble.org.uk/reviews/monsterz-0.7.0-6.src.rpm

Here's the latest version. 

It looks secure to me, but I'm also an untrained eye. I agree, there appears to 
be no file locking although the example on the wiki doesn't seem to imply this 
either. I think the possibility of corrupting the scoreboard file is extremely 
small but that's just IMHO. :-)

MUST items:
 * rpmlint output:
I: monsterz checking
W: monsterz invalid-license WTFPL
E: monsterz non-standard-executable-perm /usr/bin/monsterz 02755
I: monsterz-data checking
W: monsterz-data invalid-license WTFPL
W: monsterz-data no-documentation
I: monsterz-debuginfo checking
W: monsterz-debuginfo invalid-license WTFPL
 despite error, permissions of /usr/bin/monsterz are good
 * package is named good
 * spec file name is correct
 * package meets Packaging Guidelines
 * package is licensed with an open-source compatible license
 * License field in .spec file matches the actual license (WTFPL)
 * spec file is written in American English and is legible
 * md5sum of upstream source and provided in SRPM is matching
(323d04d4a2a2905df91eab4ff17e537d)
 * package succesfully compile on i386
 * dependencies are good
 * there are no locales
 * no need to /sbin/ldconfig
 * there is no duplicate files in %files
 * spec file hadnles macros properly
 * there is no need to -devel subpackage
 * package doesn't contatin any .la files
 * desktop file is created properly

And the package compiles successfully on mock.

> I think the possibility of corrupting the scoreboard file is extremely 
> small but that's just IMHO. :-)

IMHO, too ;)

Approved.
 

Ian, you have imported package on CVS, but why haven't you built it?

I was waiting for the additional branches :-) It's building now.