Bug 225746
| Summary: | Merge Review: fedora-release | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Nobody's working on this, feel free to take it <nobody> |
| Component: | Package Review | Assignee: | Nigel Jones <dev> |
| Status: | CLOSED RAWHIDE | QA Contact: | Fedora Package Reviews List <fedora-package-review> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | rawhide | CC: | dcantrell |
| Target Milestone: | --- | Keywords: | Reopened |
| Target Release: | --- | Flags: | dev:
fedora-review+
j: fedora-cvs+ |
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | 7.89-3 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2009-03-31 00:36:55 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Nobody's working on this, feel free to take it
2007-01-31 18:35:45 UTC
rpmlint's output: RPM: W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-test W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-legacy W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-beta W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-rawhide W: fedora-release non-conffile-in-etc /etc/fedora-release W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-extras W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-rawhide SRPM: W: fedora-release unversioned-explicit-obsoletes redhat-release W: fedora-release unversioned-explicit-provides redhat-release Partial review:
BLOCKERS:
* No upstream tarball to compare with included tarball (MUST item)
* Version of source (6) doesn't match package version (6.90)
* Description field is the same as summary field.
* Licensing is quite varied and contradictory:
- The License field mentions GFDL, while no mention of such a license exists
in the tarball contents.
- The tarball contains a copy of GPL, while no file in the package is actually
licensed under the GPL either.
- The license for the program "eula.py" is not mentioned in its header, making
it proprietary software.
- The file "README-Accessibility" in the package says "Copyright © 2003 by
Red Hat, Inc." (no mention of license, free or not)
- The file "eula.txt" in the package says "Copyright (C) 2003, 2004, 2005,
2006 Fedora Project. All rights reserved." (definitely not free) and also
mentions a few trademarks.
* The file "eula.txt" mentions weird things:
- It says there is something called "Fedora Core". What is that? ;-)
- It talks about "Fedora Core 6". But it's for "Fedora 7 test-something" or
"Fedora Rawhide" or something.
- It says that "The end user license agreement for each component is located
in the component's source code." Rarely true. Instead, the source code
usually contains a copyright license (like the GPL, which free software
usually has), not an end user license agreement (which proprietary software
usually has).
- It says that except "certain image files containing the Fedora trademark",
the license terms allow one to "[...] modify, and redistribute the
component". Not always true, considering packages that are only
"Distributable". Not always true because of Section 5 either.
- It talks about a package named "anaconda-images", which does not exist in
Fedora anymore.
- In its Section 5, it requires things from users in Pakistan and basically
asks them to "represent and warrant" that they will not help their
neighbor[ing countries] and ask the US government for
permission for giving a copy of the software (parts of which he may have
written himself) to his friend, among other things.
- I totally prefer licenses that say "You are not required to accept this
License, since you have not signed it" (from GPL clause 5), instead of those
who say "By downloading, installing or using the Software, User agrees to
the terms of this agreement." Who has written this anyway? ;-)
- /me escapes
SUGGESTIONS:
* "fedora-release-6" or a part of it could become a macro. At the minimum could
be replace with "%{name}-6".
* Use %{_sysconfdir} instead of /etc
* Use %{_datadir} instead of /usr/share
* Use "cp -p" and "install -p" instead of "cp" and "install" everywhere
* Use "%defattr(-,root,root,-)" instead of "%defattr(-,root,root)"
Is fedora-release-notes really required by this package? http://martin.hates-software.com/2007/02/03/fb463e68.html (In reply to comment #2) > Partial review: > > BLOCKERS: > * No upstream tarball to compare with included tarball (MUST item) Fedora is the upstream for this, our preferred method of distribution is srpm. For this reason there is no "upstream" tarball. I do believe there are guidelines being proposed to make this acceptable. > * Version of source (6) doesn't match package version (6.90) This has already been fixed. > * Description field is the same as summary field. How is this a blocker? > * Licensing is quite varied and contradictory: > - The License field mentions GFDL, while no mention of such a license exists > in the tarball contents. I changed this to GPL > - The tarball contains a copy of GPL, while no file in the package is actually > licensed under the GPL either. The eula.py file is GPL now. > - The license for the program "eula.py" is not mentioned in its header, making > it proprietary software. Fixed this. > - The file "README-Accessibility" in the package says "Copyright © 2003 by > Red Hat, Inc." (no mention of license, free or not) This file isn't packaged anymore, removing it. > - The file "eula.txt" in the package says "Copyright (C) 2003, 2004, 2005, > 2006 Fedora Project. All rights reserved." (definitely not free) and also > mentions a few trademarks. > * The file "eula.txt" mentions weird things: > - It says there is something called "Fedora Core". What is that? ;-) > - It talks about "Fedora Core 6". But it's for "Fedora 7 test-something" or > "Fedora Rawhide" or something. > - It says that "The end user license agreement for each component is located > in the component's source code." Rarely true. Instead, the source code > usually contains a copyright license (like the GPL, which free software > usually has), not an end user license agreement (which proprietary software > usually has). > - It says that except "certain image files containing the Fedora trademark", > the license terms allow one to "[...] modify, and redistribute the > component". Not always true, considering packages that are only > "Distributable". Not always true because of Section 5 either. > - It talks about a package named "anaconda-images", which does not exist in > Fedora anymore. > - In its Section 5, it requires things from users in Pakistan and basically > asks them to "represent and warrant" that they will not help their > neighbor[ing countries] and ask the US government for > permission for giving a copy of the software (parts of which he may have > written himself) to his friend, among other things. > - I totally prefer licenses that say "You are not required to accept this > License, since you have not signed it" (from GPL clause 5), instead of those > who say "By downloading, installing or using the Software, User agrees to > the terms of this agreement." Who has written this anyway? ;-) > - /me escapes > I'm not touching the eula.txt. This comes straight from our Legal team. Best bring it up to the Fedora Advisory Board and have it be an item to discuss with Legal. > SUGGESTIONS: > * "fedora-release-6" or a part of it could become a macro. At the minimum could > be replace with "%{name}-6". > * Use %{_sysconfdir} instead of /etc > * Use %{_datadir} instead of /usr/share Too much of our stuff is hardcoded to depend on these things being in /etc, it doesn't make sense to macroize it in the spec. > * Use "cp -p" and "install -p" instead of "cp" and "install" everywhere Fixed (use install -d instead of mkdir) > * Use "%defattr(-,root,root,-)" instead of "%defattr(-,root,root)" Fixed. http://people.redhat.com/jkeating/fedora-release.spec (In reply to comment #3) > Is fedora-release-notes really required by this package? > http://martin.hates-software.com/2007/02/03/fb463e68.html fedora-release-notes was split out of fedora-release during FC5 I think, maybe 6. This allowed for the docs folks to work on the release notes easier. However we need to have the Requires so that folks upgrading don't lose the relesae notes, and yes, we'd generally like the release notes to always be there and not have to be specifically asked for. Any update on this, would like to close this out. Seeking a new reviewer. (In reply to comment #7) > Seeking a new reviewer. I'm shocked that this hasn't had a full review yet, I'll take a look when I get home. Package name: OK (fedora-release)
License: FAIL (GFDL vs. GPL)
Spec Legible: OK (en_US) (see note)
md5sum matches: NA (fedora = upstream)
rpmlint clean: WARN
Builds correctly: OK (noarch)
Spec has %clean: OK
Macro use consistant: OK
Contains code/content: OK
-doc subpackage: NA
-devel subpackage: NA
-static subpackage: NA
pkgconfig depend: NA
Contains %doc: OK (GPL)
Library suffix: NA
No .la files: NA
Use desktop-file-install: NA
No duplicate ownerships: OK
rm -rf %{buildroot}: OK
RPM uses valid UTF-8: OK
%defattr is set: OK (see note)
No duplicate %files: OK
Not relocatable: OK
Calls ldconfig: NA
Supports Locales: NA
BR's are correct: OK
%files
%defattr(-,root,root,-)
%attr(0644,root,root) /etc/fedora-release
/etc/redhat-release
%dir /etc/yum.repos.d
%config(noreplace) /etc/yum.repos.d/*
%doc GPL
%config(noreplace) %attr(0644,root,root) /etc/issue
%config(noreplace) %attr(0644,root,root) /etc/issue.net
%config(noreplace) %attr(0644,root,root) /etc/rpm/macros.dist
%dir /etc/pki/rpm-gpg
/etc/pki/rpm-gpg/*
Makes me want to scream!
1. Please oh please don't put a %doc in the middle of a list of /etc files
2. %attr's seem redundant, 0644 can be implyed with install or even cp
3. I *think* %dir /etc/pki/rpm-gpg is redundant
4. I believe %{_sysconfdir} is perfered over /etc/file
Spec file claims GFDL where the tarball provides GPL
rpmlint:
W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY
W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-beta
W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-test
W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-rawhide
W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora
W: fedora-release non-conffile-in-etc /etc/fedora-release
W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-rawhide
W: fedora-release unversioned-explicit-obsoletes redhat-release
W: fedora-release unversioned-explicit-provides redhat-release
(last two are okay)
I'll set to reviewed when changes hit cvs
(In reply to comment #9) > License: FAIL (GFDL vs. GPL) Will fix. > %files > %defattr(-,root,root,-) > %attr(0644,root,root) /etc/fedora-release > /etc/redhat-release > %dir /etc/yum.repos.d > %config(noreplace) /etc/yum.repos.d/* > %doc GPL > %config(noreplace) %attr(0644,root,root) /etc/issue > %config(noreplace) %attr(0644,root,root) /etc/issue.net > %config(noreplace) %attr(0644,root,root) /etc/rpm/macros.dist > %dir /etc/pki/rpm-gpg > /etc/pki/rpm-gpg/* > > Makes me want to scream! > 1. Please oh please don't put a %doc in the middle of a list of /etc files Heh, will move up. Love inherited packages. > 2. %attr's seem redundant, 0644 can be implyed with install or even cp Yeah, probably best to do it at install time. > 3. I *think* %dir /etc/pki/rpm-gpg is redundant Maybe. We want to own that dir and not just the files within it. Will experiment. > 4. I believe %{_sysconfdir} is perfered over /etc/file Preferred but not necessary. Will consider. > Spec file claims GFDL where the tarball provides GPL Yeah, need to fix that. > rpmlint: > W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY > W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-beta > W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-test > W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-rawhide > W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora That's correct, these aren't config files, they're data... that happens to live in a config directory. > W: fedora-release non-conffile-in-etc /etc/fedora-release We want to overwrite this file on upgrades. Suppose it could be config but without noreplace. > W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-rawhide See above about other gpg keys. > W: fedora-release unversioned-explicit-obsoletes redhat-release > W: fedora-release unversioned-explicit-provides redhat-release > > (last two are okay) > > I'll set to reviewed when changes hit cvs Working.... I changed the license, marked /etc/fedora-release as a config file (but not noreplace), removed noreplace from the macros.dist file. I left the defatters alone as we don't install or copy those files during %install, we echo directly into those files, so we need to set the perms. Changes committed to CVS, will wait for approval to do another build. (In reply to comment #9) > Package name: OK (fedora-release) > License: FAIL (GFDL vs. GPL) OX > Spec Legible: OK (en_US) (see note) > md5sum matches: NA (fedora = upstream) > rpmlint clean: WARN Acceptable > Builds correctly: OK (noarch) > Spec has %clean: OK > Macro use consistant: OK > Contains code/content: OK > -doc subpackage: NA > -devel subpackage: NA > -static subpackage: NA > pkgconfig depend: NA > Contains %doc: OK (GPL) > Library suffix: NA > No .la files: NA > Use desktop-file-install: NA > No duplicate ownerships: OK > rm -rf %{buildroot}: OK > RPM uses valid UTF-8: OK > %defattr is set: OK (see note) Acceptable > No duplicate %files: OK > Not relocatable: OK > Calls ldconfig: NA > Supports Locales: NA > BR's are correct: OK > %files > %defattr(-,root,root,-) > %attr(0644,root,root) /etc/fedora-release > /etc/redhat-release > %dir /etc/yum.repos.d > %config(noreplace) /etc/yum.repos.d/* > %doc GPL > %config(noreplace) %attr(0644,root,root) /etc/issue > %config(noreplace) %attr(0644,root,root) /etc/issue.net > %config(noreplace) %attr(0644,root,root) /etc/rpm/macros.dist > %dir /etc/pki/rpm-gpg > /etc/pki/rpm-gpg/* This looks much better > Makes me want to scream! > 1. Please oh please don't put a %doc in the middle of a list of /etc files > 2. %attr's seem redundant, 0644 can be implyed with install or even cp > 3. I *think* %dir /etc/pki/rpm-gpg is redundant > 4. I believe %{_sysconfdir} is perfered over /etc/file All fixed or with reasoning, I will once again note that we pull up people for using /etc instead of %{_sysconfdir} (In reply to comment #10) > (In reply to comment #9) > > rpmlint: > > W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY > > W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-beta > > W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora- test > > W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora- rawhide > > W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora > That's correct, these aren't config files, they're data... that happens to live > in a config directory. > > W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-rawhide > See above about other gpg keys. I wonder, would these be better in /usr/share/fedora or similar? (/usr/share/fedora/gpg/RPM-GPG-KEY-whatever). A symlink could be created to keep 3rd party repos happy. Otherwise, all fine, go ahead and build like crazy :P Package Change Request ====================== Package Name: fedora-release New Branches: F-10 cvs done Package Change Request ====================== Package Name: fedora-release New Branches: F-11 cvs done. Package Change Request ====================== Package Name: fedora-release New Branches: F-12 CVS done. |