Bug 2441979

Summary: Review Request: govulncheck - Database client and tools for the Go vulnerability database
Product: [Fedora] Fedora Reporter: Alejandro Sáez Morollón <asm>
Component: Package ReviewAssignee: Mikel Olasagasti Uranga <mikel>
Status: RELEASE_PENDING --- QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: mikel, package-review
Target Milestone: ---Flags: mikel: fedora-review+
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Alejandro Sáez Morollón 2026-02-23 19:07:05 UTC 
This is a rename request. The original name of the package is golang-x-vuln. Based on the current Go SIG guidelines, the name of the package should be govulncheck.

Spec URL: https://alexsaezm.fedorapeople.org/rpms/govulncheck/govulncheck.spec
SRPM URL: https://alexsaezm.fedorapeople.org/rpms/govulncheck/govulncheck-1.1.4-1.20260218gita9cf566.fc45.src.rpm
Description: Database client and tools for the Go vulnerability database, providing the govulncheck command for vulnerability scanning.
Fedora Account System Username: alexsaezm
Comment 1 Fedora Review Service 2026-02-23 23:57:28 UTC 
Cannot find any valid SRPM URL for this ticket. Common causes are:

- You didn't specify `SRPM URL: ...` in the ticket description
  or any of your comments
- The URL schema isn't HTTP or HTTPS
- The SRPM package linked in your URL doesn't match the package name specified
  in the ticket summary


---
This comment was created by the fedora-review-service
https://github.com/FrostyX/fedora-review-service

If you want to trigger a new Copr build, add a comment containing new
Spec and SRPM URLs or [fedora-review-service-build] string.
Comment 2 Mikel Olasagasti Uranga 2026-02-27 09:31:24 UTC 
Golang Package Review
==============

This package was generated using go2rpm and Go Vendor Tools, which simplifies
the review.

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated


- [x] The latest version is packaged or packaging an earlier version is justified.
- [x] The License tag reflects the package contents and uses the correct identifiers.
- [x] The package builds successfully in mock.
- [x] Package is installable (checked by fedora-review).
- [x] There are no relevant rpmlint errors.
- [x] The package runs tests in %check.
- [x] `%goipath` is set correctly.
- [x] The package's binaries don't conflict with binaries already in the distribution. (Some Go projects include utility binaries with very generic names)
- [x] There are no `%{_bindir}/*` wildcards in %files. (go2rpm includes these by default)
- [x] The package does not use `%gometa -f` if it has dependents that still build for %ix86.
- [x] The package complies with the Golang and general Packaging Guidelines.
- [x] GO_LDFLAGS are set correctly.

Package approved! On import, don't forget to do the following:

- [ ] Add the package to release-monitoring.org
- [ ] Give go-sig privileges (at least commit) on the package
- [ ] Close the review bug by referencing its ID in the rpm changelog and the Bodhi ticket.
- [ ] Consider configuring Packit service to help with maintenance
Comment 3 Alejandro Sáez Morollón 2026-03-02 10:42:40 UTC 
I changed the title of the bug to make fedpkg request-repo work
Comment 4 Fedora Admin user for bugzilla script actions 2026-03-02 10:45:09 UTC 
The Pagure repository was created at https://src.fedoraproject.org/rpms/govulncheck