Bug 492996

Summary: Review Request: mediawiki-Renameuser - An extension that provides a special page for renaming user accounts
Product: [Fedora] Fedora Reporter: John Guthrie <guthrie>
Component: Package ReviewAssignee: Jason Tibbitts <tibbs>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: fedora-package-review, notting, tcallawa
Target Milestone: ---Flags: tibbs: fedora‑review+
guthrie: fedora‑cvs+
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-06-26 13:16:27 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 182235    

Description John Guthrie 2009-03-31 02:47:03 EDT
Spec URL: http://www.guthrie.info/RPMS/f10/mediawiki-Renameuser.spec
SRPM URL: http://www.guthrie.info/RPMS/f10/mediawiki-Renameuser-0-0.1.20090331svn.fc10.src.rpm
Description: Renameuser provides a special page which allows authorised users to rename user accounts. This will cause page histories, etc. to be updated.
Comment 1 Jason Tibbitts 2009-04-01 15:57:14 EDT
The URL in the spec doesn't seem related.

Can you indicate where you get a license of "Freely redistributable without restriction"?  The only place I can see any indication of a license is in SpecialRenameuser.php and it says GPLv2+.  The upstream web site says "unspecified".  I think it's reasonable to assume that GPLv2+ applies to all five php files since they're distributed together.  It would be nice to query the author about inserting proper license notices as suggested by the GPL.  Also note that in any case, "Freely distributable without restriction" is not sufficiently free for code in Fedora.  We need the right to modify as well.

The README.fedora file mentions InputBox twice.

* source files match upstream.  sha256sum:
  d791117c556ad9af35dc51dbac815ef129e507fcad30db9740bbaa3108bb4f59  
   RenameUserJob.php
  0f73d6727b396dfae1b3fd3126763e74fda852a70204a5d6b98815b3db6d9987  
   SpecialRenameuser.alias.php
  217a14bf162a32a2276b68f4e84ae820711943f259fa4ccb245e535f3aa9a3b1  
   SpecialRenameuser_body.php
  b952cb8b5dd7a636faae2ec15945db877a07ee26b3faf35932c2b59488a20b5a  
   SpecialRenameuser.i18n.php
  0220b4877670f5bc88a2b76e34ff677b44864a3424d4a4ec80ec82e7ef8aafcb  
   SpecialRenameuser.php

* package meets naming and versioning guidelines.
* specfile is properly named, is cleanly written and uses macros consistently.
* summary is OK.
* description is OK.
* dist tag is present.
* build root is OK.
X license field does not match the actual license.
* license is open source-compatible.
* license text not included upstream.
* BuildRequires are proper (none, as there
* %clean is present.
* package builds in mock (rawhide, x86_64).
* package installs properly.
* rpmlint is silent.
* final provides and requires are sane:
   mediawiki-Renameuser = 0-0.1.20090331svn.fc11
  =
   mediawiki >= 1.14

* owns the directories it creates.
* doesn't own any directories it shouldn't.
* no duplicates in %files.
* file permissions are appropriate.
* no generically named files
* code, not content.
* documentation is small, so no -doc subpackage is necessary.
* %docs are not necessary for the proper functioning of the package.

The package review process needs reviewers!  If you haven't done any package
reviews recently, please consider doing one.
Comment 2 John Guthrie 2009-04-22 16:22:19 EDT
Just an update on the licensing.  I contacted the listed author, and he said that  when he initially wrote the extension, he placed it under GPLv2+.  Since that time, it has been broken up into separate files.  Some of them are derived files and are also under GPLv2+, but he has not written any part of RenameUserJob.php, so he doesn't know what the situation is with that file.

The files SpecialRenameuser.alias.php and SpecialRenameuser.i18n.php are both internationalization files for SpecialRenameuser.php, so I would think that it is safe to call those dervied files.  Also, SpecialRenameuser_body.php is the file that actually generates the Special page for this extension.  Likewise, I would think that would be a dervied work as well.  Moreover, the extension stops working if you remove any of those files.

I am still working on finding out the license status for RenameUserJob.php.
Comment 3 John Guthrie 2009-05-14 03:29:30 EDT
I have verified the license for RenameUserJob.php and it is GPLv2+ as well.  The URL that is listed in the package also lists the license as well.  I have created a new SRPM and a new spec file.  Here are their URLs:

http://www.guthrie.info/RPMS/f10/mediawiki-Renameuser-0-0.2.20090505svn.fc10.src.rpm
http://www.guthrie.info/RPMS/f10/mediawiki-Renameuser.spec

I have run rpmlint on the spec file, the SRPM, and the resulting RPM, and in all cases, rpmlint returns no errors or warnings.
Comment 4 Jason Tibbitts 2009-05-16 19:38:50 EDT
First off, README.fedora still talks about some module called InputBox which doesn't seem related to RenameUser.  Could you fix that up?

Now, we can trust a license indicated on an upstream web site as long as we reasonably believe that the authors of the software in question were the ones who made the indication of the license on that site.  However, in this case, according to the wiki history it's it's you who've made the indication that it's GPLv2+.  So, besides fixing the README.fedora file, I see two options which will allow me to approve this:

1) Spot acks what's being done.  I've blocked FE-Legal to request his input.
2) You include in this package the relevant parts of the email conversations with the authors that you indicated you've had on the upstream wiki page.

Sorry, licensing sucks.
Comment 5 Tom "spot" Callaway 2009-05-20 13:41:27 EDT
Yeah... can you add the email conversations with upstream(s) where they clarify licensing as a "README.Licensing" in the package?
Comment 6 Jason Tibbitts 2009-06-20 11:50:00 EDT
And it's been over a month since comment #4 with no response.  I guess I'll go ahead and close this soon.
Comment 7 John Guthrie 2009-06-22 22:47:10 EDT
I apologize for the delay.  My life's been a little hectic with a possible move in the works plus trying to find a new job.

I have built a new package with the new file called LICENSE.fedora.  It contains the email conversations that I have had with the authors regarding the licensing.    I've not added any additional text into that file.  Please let me know if I need to add any additional info in that file.

The authors were taking the stance that they have put the license into one of the source code files, and that the rest of the files are derived works so they fall under the same license.  I have not asked regarding an explicit README.Licensing file.

The new SRPM can be found here:  http://www.guthrie.info/RPMS/f11/mediawiki-Renameuser-0-0.4.20090505svn.fc11.src.rpm
Here is the new SPEC file: http://www.guthrie.info/RPMS/f11/mediawiki-Renameuser.spec
Comment 8 John Guthrie 2009-06-22 22:49:02 EDT
(In reply to comment #7)
> The authors were taking the stance that they have put the license into one of
> the source code files, and that the rest of the files are derived works so they
> fall under the same license.  I have not asked regarding an explicit
> README.Licensing file.

I should also add that just general advice on how to proceed with the licensing issue would be appreciated.
Comment 9 Jason Tibbitts 2009-06-23 20:17:34 EDT
OK, I took a look at the package and I only see one remaining issue:  The LICENSE.fedora file isn't UTF-8; it contains 0xC6, which is probably an ISO-8859-15 character.  I guess you've just dumped some email messages to a file, and the message with the character doesn't contain an encoding, but I would suggest that the file is intended to be read as a file, not a mail folder, and so should be UTF-8.  Can you convert it before you import?

The only general advice I can give regarding the license issue is to get everyone to include proper copyright and license statements somewhere in each source file.  I could see authors in the previous century being ignorant of the need to properly license their code, but these days there's really no excuse.  If you want more specific advice, though, you're welcome to contact fedora-legal-list@redhat.com.

APPROVED
Comment 10 John Guthrie 2009-06-25 21:20:40 EDT
(In reply to comment #9)
> OK, I took a look at the package and I only see one remaining issue:  The
> LICENSE.fedora file isn't UTF-8; it contains 0xC6, which is probably an
> ISO-8859-15 character.  I guess you've just dumped some email messages to a
> file, and the message with the character doesn't contain an encoding, but I
> would suggest that the file is intended to be read as a file, not a mail
> folder, and so should be UTF-8.  Can you convert it before you import?

Thank you for the approval and your assistance.  I do have one question though.  You were correct in that the LICENSE.fedora file is a dump of emails.  I was wondering if you had nay suggestions on any explanatory text that I might want to include in that file, or if those emails can stand on their own?
Comment 11 John Guthrie 2009-06-25 21:30:06 EDT
(In reply to comment #9)
> OK, I took a look at the package and I only see one remaining issue:  The
> LICENSE.fedora file isn't UTF-8; it contains 0xC6, which is probably an
> ISO-8859-15 character.  I guess you've just dumped some email messages to a
> file, and the message with the character doesn't contain an encoding, but I
> would suggest that the file is intended to be read as a file, not a mail
> folder, and so should be UTF-8.  Can you convert it before you import?

> APPROVED  

The UTF8 issue has been fixed, and the package is ready for import.
Comment 12 John Guthrie 2009-06-25 21:34:19 EDT
New Package CVS Request
=======================
Package Name: mediawiki-Renameuser
Short Description: An extension that provides a special page for renaming user accounts
Owners: guthrie
Branches: F-10 F-11
InitialCC:
Comment 13 Jason Tibbitts 2009-06-25 22:17:40 EDT
CVS done.
Comment 14 John Guthrie 2009-06-25 23:35:14 EDT
So I just imported the package into the devel branch, and I received the following email bounce:

This is the mail system at host cvs1.fedora.phx.redhat.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<mediawiki-Renameuser-owner@fedoraproject.org>: host bastion[10.8.34.50] said:
    550 5.1.1 <mediawiki-Renameuser-owner@fedoraproject.org>: Recipient address
    rejected: User unknown in local recipient table (in reply to RCPT TO
    command)


Now I know that the email said to send a report to postmaster, but I'm also worried that such an email will get lost in a flood of spam.  (I.e., postmaster can often be a spam magnet, especially on high profile domains.)  Also, I'm guessing that this is more of an issue with the account system as opposed to the mail system anyway.  So my question is to whom should I send this report to?
Comment 15 Jason Tibbitts 2009-06-26 00:31:04 EDT
There's a delay between package creation and the propagation of the aliases to the mail server.

You set the fedora-cvs flag; did you need something from the CVS admins?  It sure seems like the proper CVS branches were created when I set up the package.
Comment 16 John Guthrie 2009-06-26 00:38:06 EDT
Thank you very much for the explanation.  I was concerned that the above mail issue might have been CVS-related since I was thinking that the mail address would have been created at the same time as the CVS branches.  I have unset the flag as it seems that all of the branches seem to be working correctly in all other respects.
Comment 17 John Guthrie 2009-06-26 00:39:13 EDT
(In reply to comment #16)
> I have unset the
> flag as it seems that all of the branches seem to be working correctly in all
> other respects.  

More precisely, I set the CVS flag back to +.
Comment 18 John Guthrie 2009-06-26 13:16:27 EDT
The build has completed in all requested releases.  Closing this review request out.