Red Hat Bugzilla – Full Text Bug Listing
|Summary:||Review Request: ann - Library for searching Approximate Nearest Neighbors|
|Product:||[Fedora] Fedora||Reporter:||Dan Horák <dan>|
|Component:||Package Review||Assignee:||Jason Tibbitts <tibbs>|
|Status:||CLOSED NEXTRELEASE||QA Contact:||Fedora Extras Quality Assurance <extras-qa>|
|Version:||rawhide||CC:||fedora-package-review, notting, rc040203|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2008-08-26 01:40:34 EDT||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Bug Depends On:|
Description Dan Horák 2008-08-14 14:46:19 EDT
Spec URL: http://fedora.danny.cz/ann.spec SRPM URL: http://fedora.danny.cz/ann-1.1.1-1.fc10.src.rpm Description: ANN is a library written in the C++ programming language to support both exact and approximate nearest neighbor searching in spaces of various dimensions. It was implemented by David M. Mount of the University of Maryland, and Sunil Arya of the Hong Kong University of Science and Technology. ANN (pronounced like the name ``Ann'') stands for Approximate Nearest Neighbors. ANN is also a testbed containing programs and procedures for generating data sets, collecting and analyzing statistics on the performance of nearest neighbor algorithms and data structures, and visualizing the geometric structure of these data structures.
Comment 1 Jason Tibbitts 2008-08-16 11:08:26 EDT
I believe the license is LGPLv2+; where do you see that it is restricted to v2 only? There is really no need to duplicate those three documentation files between the main and -libs packages. You can duplicate the actual license text if you really feel the need to (even though the lawyers have indicated that it is not necessary) but there's really no point in duplicating things like ReadMe.txt. * source files match upstream: b21d7992bb69d56be2cec0e57c3bfb2ce3497570827edccf3cf403e2c2143898 ann_1.1.1.tar.gz * package meets naming and versioning guidelines. * specfile is properly named, is cleanly written and uses macros consistently. * summary is OK. * description is OK. * dist tag is present. * build root is OK. X license field does not match the actual license. * license is open source-compatible. * license text included in package. * latest version is being packaged. * BuildRequires are proper (none). * compiler flags are appropriate. * %clean is present. * package builds in mock (rawhide, x86_64). * package installs properly. * debuginfo package looks complete. * rpmlint is silent. * final provides and requires are sane: ann-1.1.1-1.fc10.x86_64.rpm ann = 1.1.1-1.fc10 ann(x86-64) = 1.1.1-1.fc10 = libANN.so.1()(64bit) libgcc_s.so.1()(64bit) libgcc_s.so.1(GCC_3.0)(64bit) libstdc++.so.6()(64bit) libstdc++.so.6(CXXABI_1.3)(64bit) libstdc++.so.6(GLIBCXX_3.4)(64bit) ann-devel-1.1.1-1.fc10.x86_64.rpm ann-devel = 1.1.1-1.fc10 ann-devel(x86-64) = 1.1.1-1.fc10 = ann-libs = 1.1.1-1.fc10 libANN.so.1()(64bit) ann-libs-1.1.1-1.fc10.x86_64.rpm libANN.so.1()(64bit) ann-libs = 1.1.1-1.fc10 ann-libs(x86-64) = 1.1.1-1.fc10 = /sbin/ldconfig libANN.so.1()(64bit) libgcc_s.so.1()(64bit) libgcc_s.so.1(GCC_3.0)(64bit) libstdc++.so.6()(64bit) libstdc++.so.6(CXXABI_1.3)(64bit) libstdc++.so.6(GLIBCXX_3.4)(64bit) libstdc++.so.6(GLIBCXX_3.4.9)(64bit) * %check is not present; no test suite upstream. I have no idea how to test this package. I can at least run the ann2fig binary but I don't know what to pass to it. Maybe there's something in the sample directory, but it doesn't seem to be installed anywhere. * shared libraries installed: ldconfig called properly. unversioned .so link is in the -devel package. * owns the directories it creates. * doesn't own any directories it shouldn't. X documentation is duplicated between packages. * file permissions are appropriate. * scriptlets are OK (ldconfig). * code, not content. * headers are in the -devel package. * no pkgconfig files. * no static libraries. * no libtool .la files.
Comment 2 Dan Horák 2008-08-16 11:48:44 EDT
You should be right with the license - the sources specify "Lesser GNU Public License" without version and there is no "or any later version" clause. So LGPLv2+ should be right. The *.txt docs are now included only in the -lib subpackage, because it will be always installed. You can run the tests manually after building the package eg. in mock. There is even an expected output, but it differs due the newer version (1.0 vs. 1.1.1) and the package doesn't have performance statistics enabled. So it cannot be easily automated. Updated Spec URL: http://fedora.danny.cz/ann.spec Updated SRPM URL: http://fedora.danny.cz/ann-1.1.1-2.fc10.src.rpm
Comment 3 Ralf Corsepius 2008-08-16 18:45:41 EDT
(In reply to comment #2) > You should be right with the license - the sources specify "Lesser GNU Public > License" without version and there is no "or any later version" clause. So > LGPLv2+ should be right. ?!? Copying.txt explicitly says: "This program is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version." => This is the "later version" clause. License.txt says: "GNU LESSER GENERAL PUBLIC LICENSE Version 2.1, February 1999..." => This is a copy of LGPLv2.1. => This package is LGPLv2+'ed
Comment 4 Dan Horák 2008-08-17 04:40:58 EDT
(In reply to comment #3) > (In reply to comment #2) > > You should be right with the license - the sources specify "Lesser GNU Public > > License" without version and there is no "or any later version" clause. So > > LGPLv2+ should be right. > ?!? > > Copying.txt explicitly says: > "This program is free software; you can redistribute it and/or modify it > under the terms of the GNU Lesser Public License as published by the > Free Software Foundation; either version 2.1 of the License, or (at your > option) any later version." > > => This is the "later version" clause. > > License.txt says: > "GNU LESSER GENERAL PUBLIC LICENSE > > Version 2.1, February 1999..." > > => This is a copy of LGPLv2.1. > > > => This package is LGPLv2+'ed OK, thanks for explanation. I am really not a licensing expert, so I thought that license text in the source files (*.cpp, *h)) is prioritized against the included *.txt files and it leads into LGPLv2+ too.
Comment 5 manuel wolfshant 2008-08-17 09:12:00 EDT
Dan, I am not an expert either, but (quoting from IRC): "<f13> wolfy: what's in the individual source files wins." However, in this case the source files reference the license file (via ReadMe.txt) so probably that the author wanted his source to be LGPv2+ but failed to properly mention that in the source files. I'd say it's one of those cases where one should send a mail to the author politely asking for clarifications.
Comment 6 Jason Tibbitts 2008-08-17 10:22:09 EDT
I don't think there's any real ambiguity here. Sure, it would be nice if upstream just used the license block specified by the LGPL in their source files instead of having folks make a trip through three files to find the info, but I don't think the currently situation leaves any real doubt as to what the license is. Maybe you could ask them, but since the last update to this software was two years ago, I doubt you'll see much of a response. In any case, the issues I had are fixed. APPROVED
Comment 7 Ralf Corsepius 2008-08-18 04:16:39 EDT
(In reply to comment #6) > I don't think there's any real ambiguity here. Agreed. An author's intention is what matters at court. IMO, they did express their intention very clearly (LGPLv2+), in this case. The only critical situation would be if their sources were containing inlined license terms/clauses which would be contradicting their "global detached license". I haven't checked if this this applies in this particular case.
Comment 8 Dan Horák 2008-08-19 14:10:50 EDT
Thanks to all for their opinions. I should be more educated in the licensing area now. I will continue in the process during next week after my return from vacation.
Comment 9 Dan Horák 2008-08-25 05:02:32 EDT
New Package CVS Request ======================= Package Name: ann Short Description: Library for searching Approximate Nearest Neighbors Owners: sharkcz Branches: devel InitialCC:
Comment 10 Kevin Fenzi 2008-08-25 15:57:54 EDT
Comment 11 Dan Horák 2008-08-26 01:40:34 EDT
imported and built
Comment 12 Dan Horák 2008-11-25 07:40:42 EST
Package Change Request ====================== Package Name: ann New Branches: EL-5 Owners: sharkcz
Comment 13 Dennis Gilmore 2008-11-25 11:56:51 EST