Bug 257061
| Summary: | Review Request: osslsigncode - Tool for Authenticode signing of EXE/CAB files | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Matthias Saou <matthias> |
| Component: | Package Review | Assignee: | Jason Tibbitts <j> |
| Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | rawhide | CC: | fedora-package-review, notting, yaneti |
| Target Milestone: | --- | Flags: | j:
fedora-review+
kevin: fedora-cvs+ |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2007-11-26 11:51:40 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Matthias Saou
2007-08-27 16:34:21 UTC
> Note: A quick look doesn't show any patent infringement, but this might
deserve a double check, just to be sure.
To this one can only add an even faster non-look that says its infringing
..someone's.. something... ;)
> To this one can only add an even faster non-look that says its infringing
> ..someone's.. something... ;)
Could you please elaborate? Obviously, if there's any problem, I'd prefer
knowing ASAP and close this review request.
(In reply to comment #2) > Note: A quick look doesn't show any patent infringement, but this might deserve a double check, just to be sure. > > To this one can only add an even faster non-look that says its infringing > > ..someone's.. something... ;) > > Could you please elaborate? Obviously, if there's any problem, I'd prefer > knowing ASAP and close this review request. I was joking, in attempt to make a point. Please keep meaningless patent related remarks out of supposedly technical forums like bugzilla or fedora-devel. (In reply to comment #3) > I was joking, in attempt to make a point. Please keep meaningless patent related > remarks out of supposedly technical forums like bugzilla or fedora-devel. Well, I didn't catch the joke nor the point. I could also very well argue that (possibly confusing) humor doesn't have its place here either. What I meant was that I browsed the source code, the docs, looked at the agreements from the Microsoft docs used, and didn't see any obvious problems. But IANAL, which is why I'd prefer someone with more technical knowledge and/or more legal knowledge to double check. (In reply to comment #4) > What I meant was that I browsed the source code, the docs, looked at the > agreements from the Microsoft docs used, and didn't see any obvious problems. > But IANAL, which is why I'd prefer someone with more technical knowledge and/or > more legal knowledge to double check. And what I meant is that this amounts to absolutely nothing and shouldn't even be mentioned. You have a patent system bogged down with tens of thousands software patents (not all belonging to Microsoft) full of obscure legalese that can be applied to anything. To take a "quick look" is just ridiculous. And nobody sane, much less a lawyer, would claim to be sure that certain code is not infringing someone elses patent. I don't think this is really the proper forum for doing a patent review; all we can do is review the packaging. If you want to pass this to Red Hat's lawyers before importing, that's up to you. In the meantime, this is a clean package; it builds fine and rpmlint is silent. There's not much to it, really. I guess you can handle not using the dist tag; I don't expect that this package will need to change often anyway. * source files match upstream: 5cd55fa974b06bf89ee128137a969e58a8c6ea1df20b100ddb6b23a58682bec8 osslsigncode-1.2.tar.gz * package meets naming and versioning guidelines. * specfile is properly named, is cleanly written and uses macros consistently. * summary is OK. * description is OK. * build root is OK. * license field matches the actual license. * license is open source-compatible. * license text included in package. * latest version is being packaged. * BuildRequires are proper. * compiler flags are appropriate. * %clean is present. * package builds in mock (development, x86_64). * package installs properly * debuginfo package looks complete. * rpmlint is silent. * final provides and requires are sane: osslsigncode = 1.2-2 = libcrypto.so.6()(64bit) libcurl.so.4()(64bit) libssl.so.6()(64bit) libz.so.1()(64bit) * %check is not present; no test suite upstream. I haven't a clue how to test this package. * no shared libraries are added to the regular linker search paths. * owns the directories it creates. * doesn't own any directories it shouldn't. * no duplicates in %files. * file permissions are appropriate. * no scriptlets present. * code, not content. * documentation is small, so no -docs subpackage is necessary. * %docs are not necessary for the proper functioning of the package. * no headers. * no pkgconfig files. * no static libraries. * no libtool .la files. APPROVED Ping? This package is approved; did you want to make a CVS request and get it imported? New Package CVS Request ======================= Package Name: osslsigncode Short Description: Tool for Authenticode signing of EXE/CAB files Owners: matthias Branches: F-8 F-7 EL-5 EL-4 InitialCC: Cvsextras Commits: yes cvs done. Imported and built at last. |