Bug 474356

Summary: Review Request: trilead-ssh2 - SSH-2 protocol implementation in pure Java
Product: [Fedora] Fedora Reporter: Robert Marcano <robert>
Component: Package ReviewAssignee: Alexander Kurtakov <akurtako>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: akurtako, fedora-package-review, notting, tcallawa
Target Milestone: ---Flags: akurtako: fedora-review+
kevin: fedora-cvs+
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-04-03 09:21:11 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Robert Marcano 2008-12-03 14:05:16 UTC
Spec URL: http://www.marcanoonline.com/downloads/fedora/package_submissions/trilead-ssh2/trilead-ssh2.spec
SRPM URL: http://www.marcanoonline.com/downloads/fedora/package_submissions/trilead-ssh2/trilead-ssh2-213-1.fc9.src.rpm
Description: Trilead SSH-2 for Java is a library which implements the SSH-2 protocol in pure
Java (tested on J2SE 1.4.2 and 5.0). It allows one to connect to SSH servers
from within Java programs. It supports SSH sessions (remote command execution
and shell access), local and remote port forwarding, local stream forwarding,
X11 forwarding and SCP. There are no dependencies on any JCE provider, as all
crypto functionality is included.

This package is the newest version of ganymed-ssh2 that is not maintained anymore and is required for newer versions of eclipse-subclipse that I am updating. There is no direct source download link, the page http://www.trilead.com/Download/Trilead_SSH_for_Java/ requires to check to options

Is this kind of requests legal for Fedora "By downloading a Trilead software product you are certifying that you are not a national of Iraq; Liberia; Myanmar (Burma); Sierra Leone; Côte d'Ivoire; Sudan; Democratic Republic of the Congo; Usbekistan; Belarus; Lebanon or any country (or an explicit mentioned individual or group) to which the SECO (State Secretariat for Economic Affairs, http://www.seco.admin.ch) has decided to impose sanctions against.
Please confirm by checking the above checkbox."

Comment 1 Jason Tibbitts 2008-12-03 17:58:48 UTC
You ask a legal question, so blocking FE-Legal.  It would be very much preferable to be able to download a tarball directly.

Comment 2 Alexander Kurtakov 2008-12-19 13:12:25 UTC
How is the legal question going?
I would like to review this but I have no idea what to do with this FE-legal thing.

Comment 3 Tom "spot" Callaway 2009-01-12 22:28:11 UTC
Well, we're still thinking about this one. Please be patient with us.

Comment 4 Tom "spot" Callaway 2009-01-12 23:18:58 UTC
After consulting with RH Legal, we've decided that the requirement for Fedora to accept that restriction on behalf of our users in order to simply download the source code is unacceptable.

Your only remaining recourse would be to ask upstream if they would lift that restriction. Its a rather odd restriction, seeingly tied to Swiss Economic Sanctions (not crypto related)?

Comment 5 Robert Marcano 2009-01-13 12:54:03 UTC
First email sent, Hopefully they can do something to help

Comment 6 Robert Marcano 2009-01-20 21:45:19 UTC
Second email sent, the first one has not been replied. Starting to reevaluate http://www.eclipse.org/subversive/

Comment 7 Robert Marcano 2009-01-22 12:54:05 UTC
Good news, response received:

"To make things short: we removed the export restriction clause
and the checkbox from the download page, downloaders also need
not to accecpt the BSD license anymore. There is now a direct
download link"

Comment 8 Alexander Kurtakov 2009-01-22 12:58:51 UTC
Great news.

Comment 9 Tom "spot" Callaway 2009-01-22 15:06:50 UTC
Lifting FE-Legal, as there is no longer any problem with the restrictions removed. Thanks for following up on this with upstream.

Comment 10 Alexander Kurtakov 2009-01-22 20:58:30 UTC
Rpmlint warnings for fix before going to formal review

* W: file-not-utf8 /usr/share/doc/trilead-ssh2-213/HISTORY.txt - Easily fixable
* W: obsolete-not-provided ganymed-ssh2 - eclipse-slide is requiring ganymed-ssh2 so i guess we would be on the safe side to provide it
* W: mixed-use-of-spaces-and-tabs (spaces: line 1, tab: line 18)
* W: non-standard-group Development/Documentation

There is one more rpmlint warning but it is clearly a bug in rpmlint
W: libdir-macro-in-noarch-package %{_libdir}/gcj/%{name}

Also please fix Source0 to point to the download url.

Comment 11 Robert Marcano 2009-01-22 22:02:03 UTC
(In reply to comment #10)
> * W: obsolete-not-provided ganymed-ssh2 - eclipse-slide is requiring
> ganymed-ssh2 so i guess we would be on the safe side to provide it

I missed this one, trilead-ssh2 is not binary/nor 100% source compatible (but only a few package renames are needed), so both packages are needed until eclipse-slide is updated (ganymed-ssh2 project is dead). I will ask the developer about that

Comment 12 Robert Marcano 2009-01-26 19:10:55 UTC
Updated:

http://www.marcanoonline.com/downloads/fedora/package_submissions/trilead-ssh2/trilead-ssh2-213-2.fc10.src.rpm
http://www.marcanoonline.com/downloads/fedora/package_submissions/trilead-ssh2/trilead-ssh2.spec

Updated GCJ AOT to the latest guidelines (I still provides it even when people is starting to not generate it, OpenJDK still is not fully ported outside i386/x86_64

The only rpmlint warnings remaining are:

file-not-utf8 /usr/share/doc/trilead-ssh2-213/HISTORY.txt

I think this is a rpmlint bug, the only char I see on that document outside the ASCII range is used for the name "Michaël" and I see it without errors on UTF-8 

non-standard-group Development Documentation

This is as the Java packaging guidelines specfile template

libdir-macro-in-noarch-package %attr(-,root,root) %{_libdir}/gcj/%{name}

The same, GCJ AOT packaging guidelines

Comment 13 Robert Marcano 2009-01-26 19:12:01 UTC
oops forgot, removed Obsoletes until eclipse-slide is updated

Comment 14 Alexander Kurtakov 2009-02-04 09:32:51 UTC
I'll review this.

Comment 15 Alexander Kurtakov 2009-02-04 10:01:51 UTC
OK package named correctly
OK spec file named correctly
OK meets the Packaging Guidelines (except for above)
OK license is correct, approved and in %doc
OK license field in the package spec file matches the actual license
OK package MUST successfully compile and build into binary rpms on at least
one primary architecture (compiles on x86 cleanly)
OK owns all directories
OK doesn't contain any duplicate files
OK permissions are correctly set
OK clean section present
OK uses macros consistently
OK package contains code
OK no large documentation files 
OK if a package includes something as %doc, it must not affect the runtime of
the application. 
OK packages must not own files or directories already owned by other packages.
OK %install MUST run rm -rf %{buildroot}
OK all filenames must be valid UTF-8

The only remaining issue is 
file-not-utf8 /usr/share/doc/trilead-ssh2-213/HISTORY.txt
"Michaël" is not actually UTF-8 in this file.

Just put the next line in the %prep and we are good to go.
iconv -f ISO-8859-1 -t UTF-8 -o HISTORY.txt HISTORY.txt

Comment 16 Alexander Kurtakov 2009-02-12 18:24:02 UTC
Robert,
I hope you have some time for this soon so I can go on with subclipse.

Comment 18 Alexander Kurtakov 2009-02-16 14:32:59 UTC
OK, There is nothing else holding this review.

This package is APPROVED.

Comment 19 Robert Marcano 2009-02-16 15:15:35 UTC
New Package CVS Request
=======================
Package Name: trilead-ssh2
Short Description: Trilead SSH-2 for Java is a library which implements the SSH-2 protocol in pure
Owners: robmv
Branches: F-10
InitialCC: robmv

Comment 20 Kevin Fenzi 2009-02-16 21:08:07 UTC
cvs done.

Alexander: Please remember to assign reviews to yourself as reviewer.

Comment 21 Alexander Kurtakov 2009-04-03 09:21:11 UTC
Package is in repos now.