Bug 459153

Summary: Review Request: ann - Library for searching Approximate Nearest Neighbors
Product: [Fedora] Fedora Reporter: Dan Horák <dan>
Component: Package ReviewAssignee: Jason Tibbitts <tibbs>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: fedora-package-review, notting, rc040203
Target Milestone: ---Flags: tibbs: fedora‑review+
dennis: fedora‑cvs+
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-08-26 01:40:34 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 459125    

Description Dan Horák 2008-08-14 14:46:19 EDT
Spec URL: http://fedora.danny.cz/ann.spec
SRPM URL: http://fedora.danny.cz/ann-1.1.1-1.fc10.src.rpm

Description:
ANN is a library written in the C++ programming language to support both
exact and approximate nearest neighbor searching in spaces of various
dimensions.  It was implemented by David M. Mount of the University of
Maryland, and Sunil Arya of the Hong Kong University of Science and
Technology.  ANN (pronounced like the name ``Ann'') stands for
Approximate Nearest Neighbors.  ANN is also a testbed containing
programs and procedures for generating data sets, collecting and
analyzing statistics on the performance of nearest neighbor algorithms
and data structures, and visualizing the geometric structure of these
data structures.
Comment 1 Jason Tibbitts 2008-08-16 11:08:26 EDT
I believe the license is LGPLv2+; where do you see that it is restricted to v2 only?

There is really no need to duplicate those three documentation files between the main and -libs packages.  You can duplicate the actual license text if you really feel the need to (even though the lawyers have indicated that it is not necessary) but there's really no point in duplicating things like ReadMe.txt.

* source files match upstream:
   b21d7992bb69d56be2cec0e57c3bfb2ce3497570827edccf3cf403e2c2143898  
   ann_1.1.1.tar.gz
* package meets naming and versioning guidelines.
* specfile is properly named, is cleanly written and uses macros consistently.
* summary is OK.
* description is OK.
* dist tag is present.
* build root is OK.
X license field does not match the actual license.
* license is open source-compatible.
* license text included in package.
* latest version is being packaged.
* BuildRequires are proper (none).
* compiler flags are appropriate.
* %clean is present.
* package builds in mock (rawhide, x86_64).
* package installs properly.
* debuginfo package looks complete.
* rpmlint is silent.
* final provides and requires are sane:
  ann-1.1.1-1.fc10.x86_64.rpm
   ann = 1.1.1-1.fc10
   ann(x86-64) = 1.1.1-1.fc10
  =
   libANN.so.1()(64bit)
   libgcc_s.so.1()(64bit)
   libgcc_s.so.1(GCC_3.0)(64bit)
   libstdc++.so.6()(64bit)
   libstdc++.so.6(CXXABI_1.3)(64bit)
   libstdc++.so.6(GLIBCXX_3.4)(64bit)

  ann-devel-1.1.1-1.fc10.x86_64.rpm
   ann-devel = 1.1.1-1.fc10
   ann-devel(x86-64) = 1.1.1-1.fc10
  =
   ann-libs = 1.1.1-1.fc10
   libANN.so.1()(64bit)

  ann-libs-1.1.1-1.fc10.x86_64.rpm
   libANN.so.1()(64bit)
   ann-libs = 1.1.1-1.fc10
   ann-libs(x86-64) = 1.1.1-1.fc10
  =
   /sbin/ldconfig
   libANN.so.1()(64bit)
   libgcc_s.so.1()(64bit)
   libgcc_s.so.1(GCC_3.0)(64bit)
   libstdc++.so.6()(64bit)
   libstdc++.so.6(CXXABI_1.3)(64bit)
   libstdc++.so.6(GLIBCXX_3.4)(64bit)
   libstdc++.so.6(GLIBCXX_3.4.9)(64bit)

* %check is not present; no test suite upstream.
  I have no idea how to test this package.  I can at least run the ann2fig 
  binary but I don't know what to pass to it.  Maybe there's something in the 
  sample directory, but it doesn't seem to be installed anywhere.

* shared libraries installed:
   ldconfig called properly.
   unversioned .so link is in the -devel package.
* owns the directories it creates.
* doesn't own any directories it shouldn't.
X documentation is duplicated between packages.
* file permissions are appropriate.
* scriptlets are OK (ldconfig).
* code, not content.
* headers are in the -devel package.
* no pkgconfig files.
* no static libraries.
* no libtool .la files.
Comment 2 Dan Horák 2008-08-16 11:48:44 EDT
You should be right with the license - the sources specify "Lesser GNU Public License" without version and there is no "or any later version" clause. So LGPLv2+ should be right.

The *.txt docs are now included only in the -lib subpackage, because it will be always installed.

You can run the tests manually after building the package eg. in mock. There is even an expected output, but it differs due the newer version (1.0 vs. 1.1.1) and the package doesn't have performance statistics enabled. So it cannot be easily automated.

Updated Spec URL: http://fedora.danny.cz/ann.spec
Updated SRPM URL: http://fedora.danny.cz/ann-1.1.1-2.fc10.src.rpm
Comment 3 Ralf Corsepius 2008-08-16 18:45:41 EDT
(In reply to comment #2)
> You should be right with the license - the sources specify "Lesser GNU Public
> License" without version and there is no "or any later version" clause. So
> LGPLv2+ should be right.
?!?

Copying.txt explicitly says:
"This program is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser Public License as published by the
Free Software Foundation; either version 2.1 of the License, or (at your
option) any later version."

=> This is the "later version" clause.

License.txt says:
"GNU LESSER GENERAL PUBLIC LICENSE

Version 2.1, February 1999..."

=> This is a copy of LGPLv2.1.


=> This package is LGPLv2+'ed
Comment 4 Dan Horák 2008-08-17 04:40:58 EDT
(In reply to comment #3)
> (In reply to comment #2)
> > You should be right with the license - the sources specify "Lesser GNU Public
> > License" without version and there is no "or any later version" clause. So
> > LGPLv2+ should be right.
> ?!?
> 
> Copying.txt explicitly says:
> "This program is free software; you can redistribute it and/or modify it
> under the terms of the GNU Lesser Public License as published by the
> Free Software Foundation; either version 2.1 of the License, or (at your
> option) any later version."
> 
> => This is the "later version" clause.
> 
> License.txt says:
> "GNU LESSER GENERAL PUBLIC LICENSE
> 
> Version 2.1, February 1999..."
> 
> => This is a copy of LGPLv2.1.
> 
> 
> => This package is LGPLv2+'ed

OK, thanks for explanation. I am really not a licensing expert, so I thought that license text in the source files (*.cpp, *h)) is prioritized against the included *.txt files and it leads into LGPLv2+ too.
Comment 5 manuel wolfshant 2008-08-17 09:12:00 EDT
Dan, I am not an expert either, but (quoting from IRC):  "<f13>   wolfy: what's in the individual source files wins."

However, in this case the source files reference the license file (via ReadMe.txt) so probably that the author wanted his source to be LGPv2+ but failed to properly mention that in the source files. I'd say it's one of those cases where one should send a mail to the author politely asking for clarifications.
Comment 6 Jason Tibbitts 2008-08-17 10:22:09 EDT
I don't think there's any real ambiguity here.  Sure, it would be nice if upstream just used the license block specified by the LGPL in their source files instead of having folks make a trip through three files to find the info, but I don't think the currently situation leaves any real doubt as to what the license is.  Maybe you could ask them, but since the last update to this software was two years ago, I doubt you'll see much of a response.

In any case, the issues I had are fixed.

APPROVED
Comment 7 Ralf Corsepius 2008-08-18 04:16:39 EDT
(In reply to comment #6)
> I don't think there's any real ambiguity here. 

Agreed. An author's intention is what matters at court. IMO, they did express their intention very clearly (LGPLv2+), in this case.

The only critical situation would be if their sources were containing inlined license terms/clauses which would be contradicting their "global detached license". I haven't checked if this this applies in this particular case.
Comment 8 Dan Horák 2008-08-19 14:10:50 EDT
Thanks to all for their opinions. I should be more educated in the licensing area now. I will continue in the process during next week after my return from vacation.
Comment 9 Dan Horák 2008-08-25 05:02:32 EDT
New Package CVS Request
=======================
Package Name: ann
Short Description: Library for searching Approximate Nearest Neighbors
Owners: sharkcz
Branches: devel
InitialCC:
Comment 10 Kevin Fenzi 2008-08-25 15:57:54 EDT
cvs done.
Comment 11 Dan Horák 2008-08-26 01:40:34 EDT
imported and built
Comment 12 Dan Horák 2008-11-25 07:40:42 EST
Package Change Request
======================
Package Name: ann
New Branches: EL-5
Owners: sharkcz
Comment 13 Dennis Gilmore 2008-11-25 11:56:51 EST
CVS Done