Bug 2211180 (review-rust-sha256)
| Summary: | Review Request: rust-sha256 - SHA256 Crypto digest | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Michel Lind <michel> |
| Component: | Package Review | Assignee: | Fabio Valentini <decathorpe> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | rawhide | CC: | decathorpe, package-review |
| Target Milestone: | --- | Keywords: | Reopened |
| Target Release: | --- | Flags: | decathorpe:
fedora-review+
|
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2024-01-17 01:05:16 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 2211182 | ||
|
Description
Michel Lind
2023-05-30 16:00:15 UTC
This crate claims to be "MIT AND Apache-2.0" (why AND??), but it only contains a license file for Apache-2.0, but no license file for MIT ... can you report this upstream? This looks very weird for a small crate like this ... it's literally only ~100 LOC. (In reply to Fabio Valentini from comment #1) > This crate claims to be "MIT AND Apache-2.0" (why AND??), but it only > contains a license file for Apache-2.0, but no license file for MIT ... can > you report this upstream? This looks very weird for a small crate like this > ... it's literally only ~100 LOC. Ah, good catch, thanks. Filed this: https://github.com/baoyachi/sha256-rs/issues/11 Updated spec and SRPM. Currently assuming it's still MIT AND Apache-2.0, but my PR fixes both issues in separate commits so hopefully upstream takes both changes. Spec URL: https://salimma.fedorapeople.org/rust-sha256.spec SRPM URL: https://salimma.fedorapeople.org/rust-sha256-1.1.3-1.fc38.src.rpm Thanks for submitting those upstream. Adding the missing license file but keeping the AND specifier is a good solution for now, I think. But it looks like you uploaded an unmodified SRPM file but the updated spec file? The contents don't match between the two links. Side note: It might be a good idea to change the summary to "SHA256 crypto digest". The heuristic for trimming fails in this case ... This is an automatic action taken by review-stats script. The ticket submitter failed to clear the NEEDINFO flag in a month. As per https://fedoraproject.org/wiki/Policy_for_stalled_package_reviews we consider this ticket as DEADREVIEW and proceed to close it. Updated summary and description, sorry for the delay. Also updated to the latest version for the updated calamine nu-command now needs, which contains the merged license PR Spec URL: https://salimma.fedorapeople.org/rust-sha256.spec SRPM URL: https://salimma.fedorapeople.org/rust-sha256-1.5.0-1.fc38.src.rpm Package was generated with rust2rpm, simplifying the review. - package builds and installs without errors on rawhide - test suite is run and all unit tests pass - latest version of the crate is packaged - license matches upstream specification (MIT OR Apache-2.0) and is acceptable for Fedora - license file is included with %license in %files - package complies with Rust Packaging Guidelines Package APPROVED. === Recommended post-import rust-sig tasks: - set up package on release-monitoring.org: project: $crate homepage: https://crates.io/crates/$crate backend: crates.io version scheme: semantic version filter: alpha;beta;rc;pre distro: Fedora Package: rust-$crate - add @rust-sig with "commit" access as package co-maintainer (should happen automatically) - set bugzilla assignee overrides to @rust-sig (optional) - track package in koschei for all built branches (should happen automatically once rust-sig is co-maintainer) The Pagure repository was created at https://src.fedoraproject.org/rpms/rust-sha256 FEDORA-2024-63e1b288f5 has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2024-63e1b288f5 FEDORA-2024-899954a1f9 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2024-899954a1f9 FEDORA-2024-63e1b288f5 has been pushed to the Fedora 39 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf install --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-63e1b288f5 \*` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-63e1b288f5 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2024-899954a1f9 has been pushed to the Fedora 38 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf install --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-899954a1f9 \*` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-899954a1f9 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2024-63e1b288f5 has been pushed to the Fedora 39 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2024-899954a1f9 has been pushed to the Fedora 38 stable repository. If problem still persists, please make note of it in this bug report. |