Bug 469997
| Summary: | Review Request: ratproxy - A passive web application security assessment tool | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Rakesh Pandit <rpandit> |
| Component: | Package Review | Assignee: | Mamoru TASAKA <mtasaka> |
| Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | rawhide | CC: | fedora-package-review, lucilanga, mtasaka, notting, opensource |
| Target Milestone: | --- | Keywords: | Reopened |
| Target Release: | --- | Flags: | mtasaka:
fedora-review+
kevin: fedora-cvs+ |
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2009-01-19 12:50:15 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Rakesh Pandit
2008-11-05 06:36:19 UTC
Instead of the sed command, you better run make CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE" You can add -Wno-pointer-sign like upstream does if you do not want to see tons of pointer signedness warnings, but it would probably better to fix this in the code. :-) Something not so nice is, that the tarball contains a non free precompiled binary in flare-dist/flare, i.e. add a rm -rf flare-dist/ flare in %prep. In the future there may be checks may prevent the rpm from beeing built if there are precompiled binaries present. I have reported about all these issues upstream. Number of lines required for fixing warnings are enormous. Warnings are around 1000+ lines. So, I am using flag to suppress these warnings. Regarding some fwrite warnings (not handling return values) I have also reported them. I think these are not blockers. Thanks - Updated http://rakesh.fedorapeople.org/spec/ratproxy.spec http://rakesh.fedorapeople.org/srpm/ratproxy-1.51-2.fc9.src.rpm This is not a blocker but... as this is a network application (binds specific port, logs data to specific dir) will you consider providing sysvinit script, default logdir, logrotation, etc...? Would it be okay without them? I wouldn't like to .. may be later on in case administrators bug me. I selected it from security spin wish list. What you suggest ? (In reply to comment #4) > Would it be okay without them? I wouldn't like to .. may be later on in case > administrators bug me. I selected it from security spin wish list. What you > suggest ? I guess you can add scripts later. Anyway a sysvinit script would be nice. -This package contains flare binary that is not free and cannot be shipped in Fedora. You need to remove this before packaging, see: https://fedoraproject.org/wiki/PackagingDrafts/SourceUrl#When_Upstream_uses_Prohibited_Code (In reply to comment #5) > -This package contains flare binary that is not free and cannot be shipped in > Fedora. You need to remove this before packaging, see: > https://fedoraproject.org/wiki/PackagingDrafts/SourceUrl#When_Upstream_uses_Prohibited_Code The URL does not cover binaries: | Some upstream packages include patents or trademarks that we are not allowed to | ship even as source code. I do not think think this binary can be shipped with fedora and has to be treated as prohibited source, but we can always ask legal. No matter whether flare-dist/flare is binary or not, as flare-dist/LICENSE.TXT says this part is definitely NON-FREE (Redistribution is solely for non-commercial purposes), this part cannot be shipped (even if in srpm form) in Fedora. NON-FREE stuff. Cannot be shipped in. Ah.. is flare-dist/ part really needed for this package? I tried to rebuild your latest srpm, however for me this part does not seem to be used. If not needed, you can - remove flare-dist part - repackage tarball - and use the repackaged tarball as Fedora source tarball (as Lucian said in comment 5) I took this package from security spin wish list and don't have much interest (on a personal note) because I don't use it. Anyway I will have a re-look. Thanks all for pointing put issues. I will bump with changes soon. http://rakesh.fedorapeople.org/spec/ratproxy.spec http://rakesh.fedorapeople.org/srpm/ratproxy-1.51-3.fc10.src.rpm Somebody interested in review ? Well, for 1.51-3: - I guess Solaris.README is not needed. Other things are okay. ---------------------------------------------------------- This package (ratproxy) is APPROVED by mtasaka ---------------------------------------------------------- Thanks, I will remove that file before importing. New Package CVS Request ======================= Package Name: ratproxy Short Description: A passive web application security assessment tool Owners: rakesh Branches: F-9 F-10 InitialCC: Cvsextras Commits: yes cvs done. ratproxy-1.51-4.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/ratproxy-1.51-4.fc9 ratproxy-1.51-4.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/ratproxy-1.51-4.fc10 |