Bug 233775
Summary: | Review Request: haproxy - TCP/HTTP reverse proxy for high availability environments | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jeremy Hinegardner <jeremy> |
Component: | Package Review | Assignee: | Kevin Fenzi <kevin> |
Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Package Reviews List <fedora-package-review> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | gauret, tcallawa |
Target Milestone: | --- | Flags: | kevin:
fedora-review+
kevin: fedora-cvs+ |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2007-09-21 19:03:29 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Jeremy Hinegardner
2007-03-24 22:44:48 UTC
I'd be happy to review this package. Look for a full review in a bit. OK - Package meets naming and packaging guidelines OK - Spec file matches base package name. OK - Spec has consistant macro usage. OK - Meets Packaging Guidelines. See below - License(GPL) See below - License field in spec matches See below - License file included in package OK - Spec in American English OK - Spec is legible. OK - Sources match upstream md5sum: 45a66691aa3b22996862e3e5bac4289c haproxy-1.2.17.tar.gz 45a66691aa3b22996862e3e5bac4289c haproxy-1.2.17.tar.gz.1 OK - BuildRequires correct OK - Package has %defattr and permissions on files is good. OK - Package has a correct %clean section. OK - Package has correct buildroot OK - Package is code or permissible content. OK - Packages %doc files don't affect runtime. OK - Package has rm -rf RPM_BUILD_ROOT at top of %install OK - Package compiles and builds on at least one arch. OK - Package has no duplicate files in %files. OK - Package doesn't own any directories other packages own. OK - Package owns all the directories it creates. See below - No rpmlint output. OK - final provides and requires are sane. SHOULD Items: OK - Should build in mock. OK - Should build on all supported archs OK - Should have dist tag OK - Should package latest version Issues: 1. You might ask upstream to include a copy of the GPL and the other odd license? Not a blocker. 2. What parts of the code are under the odd MIT-like O'Reilly license? It might be good to list them. Also, I can't find mention of this license in the code anywhere. Where is it stated? 3. rpmlint says: E: haproxy non-standard-uid /var/lib/haproxy haproxy E: haproxy non-standard-gid /var/lib/haproxy haproxy These can be ignored. Not a blocker. (In reply to comment #2) > Issues: > > 1. You might ask upstream to include a copy of the GPL and the other odd license? > Not a blocker. I'll send upstream a note and see if he'll put a COPYING or the like in the source distribution. Along with a manifest of which files are under which license. The source code files which are GPL say so in the boiler plate at the top of the .c files. > 2. What parts of the code are under the odd MIT-like O'Reilly license? > It might be good to list them. Also, I can't find mention of this license in the > code > anywhere. Where is it stated? The .c files that are under the MIT-like license from O'Reilly say in the header at the top of the file that they are copied from Mastering Algorithms in C by Kyle Loudon. It gives the ISBN number and a link to the book's page on O'Reilly. I wondered about what license these files were under so I downloaded the original examples .tgz from O'Reilly where these files came from and read the license in there. So no, the license is not specifically mentioned in haproxy itslf, but the source code that is from the Loudon Book is duely noted. All in all, each .c file in haproxy says where it came from, who wrote it, and if its under GPL it states that. 1. ok. Sounds good. 2. ok. I looked, but didn't see those headers for some reason. ;( I found them now... makes sense to me. One thing that bothers me about that license... the part that says: " This code # is under copyright and cannot be included in any other book, # publication, or educational product without permission from # O'Reilly & Associates." Is Fedora a "educational product" ? Could it be considered such? FYI, the entire thing reads: The source code on this disk can be freely used, adapted, and redistributed in source or binary form, so long as an acknowledgment appears in derived source files. The citation should list that the code comes from the book "Mastering Algorithms with C" by Kyle Loudon, published by O'Reilly & Associates. This code is under copyright and cannot be included in any other book, publication, or educational product without permission from O'Reilly & Associates. No warranty is attached; we cannot take responsibility for errors or fitness for use. Asking the FSF for an opinion on that "unique license". Any word back from FSF ? Is their response required for approval? Yes, they said the license as is is non-free. This is a blocker, however, I've not stopped this, as the FSF is trying to negotiate with O'Reilly to see if they're willing to change the license. I am however, blocking this against FE-Legal, until I hear back again from the FSF/O'Reilly. (In reply to comment #8) > I am however, blocking this against FE-Legal, until I hear back again from the > FSF/O'Reilly. Just checking in to see if FSF/O'Reilly has gotten back to anyone. Thanks. Nothing yet. I'll poke the FSF again. Any further news? Hopefully they can work something out... Any updates from the FSF? Not yet. They're rather busy with GPLv3 fallout at the time, but I'll poke them again. I've spoken with Willy (the author of haproxy) a few times recently, he has a patch to replace all the O'Reilly code and with appropriately licensed code. He is now testing it. When that release comes out, I'll package up that vesion and then the licensing issue will be moot. O'Reilly responded to the FSF and claimed to be in the process of changing the license on that code to a "BSD-ish" license, but so far, this has not occurred. Even though it may be moot, I figured I would pass it along. I've sent another email to O'Reilly asking them to actually make this licensing change. http://examples.oreilly.com/masteralgoc/ A new tarball has been uploaded there, and the source code is now under the MIT license. HAproxy should be able to pick this code up and resolve the licensing pain (if they want to). That is great news. I've forwarded the info to Willy upstream. New package and spec. I've switched to the 1.3.12 branch which is the new stable upstream branch instead of 1.2.17. There are some new files and a patch from upstream against 1.3.12.1 to clear up the licensing issue now that O'Reilly has changed to MIT license for its code. SPEC url: http://jjh.fedorapeople.org/haproxy/haproxy.spec SRPM url: http://jjh.fedorapeople.org/haproxy/haproxy-1.3.12.1-1.fc7.src.rpm It probably needs a full review again since this is a whole new branch of code. OK - Spec file matches base package name. OK - Spec has consistant macro usage. OK - Meets Packaging Guidelines. See below - License (GPLv2+) See below - License field in spec matches OK - License file included in package OK - Spec in American English OK - Spec is legible. OK - Sources match upstream md5sum: 032f976cf82e1ba48702e25545155147 haproxy-1.3.12.1.tar.gz 032f976cf82e1ba48702e25545155147 haproxy-1.3.12.1.tar.gz.1 OK - BuildRequires correct OK - Package has %defattr and permissions on files is good. OK - Package has a correct %clean section. OK - Package has correct buildroot OK - Package is code or permissible content. OK - Packages %doc files don't affect runtime. OK - Package has rm -rf RPM_BUILD_ROOT at top of %install OK - Package compiles and builds on at least one arch. OK - Package has no duplicate files in %files. OK - Package doesn't own any directories other packages own. OK - Package owns all the directories it creates. See below - No rpmlint output. OK - final provides and requires are sane. SHOULD Items: OK - Should build in mock. OK - Should build on all supported archs OK - Should have sane scriptlets. OK - Should have dist tag OK - Should package latest version Issues: 1. I think the License tag here should be "GPLv2+ and LGPLv2+ and MIT". The bulk of the program is under the GPLv2+, but those pesky example bits are now MIT. Also, many of the header files are LGPLv2+. It's all nice and confusing. I might try and get spot to look it over. ;) Also, I am not sure it's permissable to change license's via a patch. You may need to wait until upstream does a new release with the new license text in place. 2. rpmlint says (as before): haproxy.i386: E: non-standard-uid /var/lib/haproxy haproxy haproxy.i386: E: non-standard-gid /var/lib/haproxy haproxy Can be ignored. Everything else looks good, hopefully we can get this approved soon. Spot: can you take a look at the current license situation? I would really rather that we didn't change the license with a patch. Please try to get upstream to make a new tarball, even if it is just for Fedora. As to the License: tag, use "GPLv2+ and MIT". The examples are standalone MIT, the code is GPLv2+. The headers are LGPLv2 (not LGPLv2+), but since we don't package up the headers, we don't need to reference them in the License tag. Just to clear up any confusion, the patch I applied was sent to me from Willy upstream. I'll also check and see if he'll create a new tarball. The License tag I've updated. I'll create a new srpm when I hear back from Willy about a new tarball. Upstream release a new version with the licensing patch applied and a few bug fixes too. SRPM: http://jjh.fedorapeople.org/haproxy/haproxy-1.3.12.2-1.fc7.src.rpm SPEC: http://jjh.fedorapeople.org/haproxy/haproxy.spec The License tag is still just GPLv2+... can you update it to "GPLv2+ and MIT" ? (You can do that before you check it in) Otherwise everything looks good in this last version, so this package is APPROVED. license tag is updated New Package CVS Request ======================= Package Name: haproxy Short Description: TCP/HTTP reverse proxy for high availability environments Owners: jjh Branches: FC-6 F-7 EL-4 EL-5 InitialCC: Cvsextras Commits: Since the license issues are all cleared up, can someone remove the FE-Legal blocker? Lifting FE-Legal. Have fun! cvs done. |