Bug 253134

Summary: Review Request: jlint - Java program checker
Product: [Fedora] Fedora Reporter: Jerry James <loganjerry>
Component: Package ReviewAssignee: Ville Skyttä <ville.skytta>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: fedora-package-review, notting
Target Milestone: ---Flags: ville.skytta: fedora-review+
kevin: fedora-cvs+
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: 1.23-1.fc7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-10-03 21:11:48 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Jerry James 2007-08-17 03:36:31 UTC
Spec URL: http://jjames.fedorapeople.org/jlint/jlint.spec
SRPM URL: http://jjames.fedorapeople.org/jlint/jlint-3.1-1.src.rpm
Jlint will check your Java code and find bugs, inconsistencies and
synchronization problems by doing data flow analysis and building the lock
graph.  Jlint is extremely fast - even on large projects, it requires only one
second to check all classes!  It is easy to learn and requires no changes to
the class files.  Jlint has been used in an industrial environment and
successfully uncovered faults with little effort!

The original version of Jlint was written by Konstantin Knizhnik.  It was
extended by Cyrille Artho to perform more extensive synchronization checks.

Comment 1 Parag AN(पराग) 2007-08-17 04:12:55 UTC
Is this your first package submission to Fedora?

Comment 2 Ville Skyttä 2007-08-17 09:10:48 UTC
No, Jerry (in case you're the same Jerry James) already maintains some packages
in Fedora.  Dunno whether the different email address here from the earlier ones
is a problem (earlier are assigned to Jerry.James at usu.edu in the no longer
used owners.list)

jlint is already in Fedora CVS, orphaned and dropped from the distro a few
releases ago.  I used to maintain it, and speaking from that experience, I would
suggest using the package already in CVS as the base, or most importantly using
Konstantin Knizhnik's original 1.x versions instead of the extended 3.x ones. 
When I last compared them, 1.x gave much better results than 3.x which reported
lots of false positives, which is why I kept the Fedora package at 1.x.  I don't
remember more details and I'm no longer using jlint, so I'm afraid there's no
more info about this I can share.

Comment 3 Jerry James 2007-08-17 14:23:28 UTC
I'm the same Jerry James.  I changed jobs, and hence email addresses.  I updated
my Fedora Account with the new email address, and added an identity to my GPG
key.  Is there something else I need to do?  Did I miss a wiki page somewhere on
what to do when one's email address changes?

The web page where I found jlint listed as an orphan said it had been removed
from CVS.  Is that information incorrect?

I've never compared the 1.x version to the 3.x version.  I'll do that before
proceeding further with this request.  Thanks.

Comment 4 Ville Skyttä 2007-08-17 14:57:38 UTC
I suppose the mail address is ok, I just didn't recognize it.

jlint is in CVS, except for the FC-6 and F-7 branches.  FC-5 contains the last
revision I've worked on, and devel contains just the "dead.package" marker file.

Comment 5 Jerry James 2007-08-19 03:30:50 UTC
The 1.x version has not been touched in 9 years.  The 3.x version has not been
touched in 9 months.  I have some hopes that the 3.x version can be updated as
needed; I have little hope that the 1.x version will be.  I can't know for
certain without seeing your test cases, Ville, but it is possible that the
spurious warnings you got from 3.x are due to the new tests introduced in 3.x,
rather than corrupted tests that were present in 1.x.  If you send me code that
triggers spurious warnings, I pledge to work with upstream to make those
warnings go away.  Can we proceed with the review using the 3.x version?

Comment 6 Ville Skyttä 2007-08-19 09:49:58 UTC
(In reply to comment #5)
> The 1.x version has not been touched in 9 years.  The 3.x version has not
> been touched in 9 months.

The most recent modification inside the 1.21 tarball is from 2004-04-05, and the
last code modification from 2003-12-08 so it's not quite that old.  The newest
modification in the 3.x series is compilation fixes for gcc 3.4.x, no other
changes in 3.1 vs 3.0 according to the release notes.  3.0 was released 2004-06-22.

Additionally, the original 1.x author was very responsive to my mails, whereas
the sourceforge tracker for 3.x does not look too promising regarding upstream
activity (not a single comment to any open item in almost 3 years):

> If you send me code that
> triggers spurious warnings, I pledge to work with upstream to make those
> warnings go away.

Sorry, as said, I don't have more details about this handy any more.  Will send
if I remember more details or come across them again.

> Can we proceed with the review using the 3.x version?

Your call, but before that I do suggest taking a closer look at the 3.x
upstream's activity as well as comparing 1.x functionality to 3.x (unless you
already did and I just failed to parse it from your earlier comments).  Also,
it'd be better to find someone who actually uses jlint/antic nowadays to do the
review, but I can chime in later if nobody shows up.

Comment 7 Jerry James 2007-08-29 04:14:29 UTC
Now I'm concerned about licensing issues.  The 1.x code just says that it is
"freeware", with no indication of what the author thinks that means.  The 3.x
code  claims to be released under the GPL, but since it is a derivative work of
code with no clear license, I'm not sure that's legal.  I'm now inclined to drop
jlint and work on getting findbugs into Fedora instead.  Unless someone really,
really wants me to keep pursuing jlint, I'm going to close this review request
and leave jlint alone.

Comment 8 Ville Skyttä 2007-08-29 06:31:58 UTC
I have no objections to that, but as said, the 1.x author at least used to
respond pretty quickly to mails so I suppose clarifying the license wouldn't
take much more than just asking him.

Comment 9 Jerry James 2007-09-19 03:28:14 UTC
Upstream chose an MIT license and also fixed the 64-bit compilation issues.  The
new URLs are:
Spec URL: http://jjames.fedorapeople.org/jlint/jlint.spec
SRPM URL: http://jjames.fedorapeople.org/jlint/jlint-1.23-1.src.rpm

Comment 10 Ville Skyttä 2007-09-19 19:27:33 UTC
Looks good to me, approved.

One minor nit (can be done after import): since VENDINFO.DIZ is no longer
shipped, could drop the related sed'ing in %prep as well.  

Comment 11 Jerry James 2007-09-21 03:00:35 UTC
Package Change Request
Package Name: jlint
New Branches: FC-6 F-7
Updated Fedora Owners: jjames

This is a revival of a previously orphaned package.

Comment 12 Kevin Fenzi 2007-09-21 03:21:36 UTC
cvs done.

Comment 13 Fedora Update System 2007-09-25 08:24:45 UTC
jlint-1.23-1.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.

Comment 14 Fedora Update System 2007-10-03 21:11:47 UTC
jlint-1.23-1.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.