|Summary:||Review Request: perl-YAML-LibYAML - YAML::LibYAML Perl module|
|Product:||[Fedora] Fedora||Reporter:||Marcela Mašláňová <mmaslano>|
|Component:||Package Review||Assignee:||Parag AN(पराग) <panemade>|
|Status:||CLOSED CURRENTRELEASE||QA Contact:||Fedora Extras Quality Assurance <extras-qa>|
|Version:||rawhide||CC:||fedora-package-review, notting, panemade, ppisar, tremble|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2009-05-04 08:25:25 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
|Bug Depends On:|
Description Marcela Mašláňová 2009-04-29 13:00:54 UTC
Spec URL: http://mmaslano.fedorapeople.org/review/perl-YAML-LibYAML.spec SRPM URL: http://mmaslano.fedorapeople.org/review/perl-YAML-LibYAML-0.32-1.fc11.src.rpm Description: Kirill Siminov's "libyaml" is arguably the best YAML implementation. The C library is written precisely to the YAML 1.1 specification. It was originally bound to Python and was later bound to Ruby.
Comment 1 Parag AN(पराग) 2009-04-29 15:42:37 UTC
Review: + package builds in mock (rawhide i586). koji Build => http://koji.fedoraproject.org/koji/taskinfo?taskID=1328734 + rpmlint is silent for SRPM and for RPM. + source files match upstream url 7a8b9258a311e52d0938744ad2ddfc4d YAML-LibYAML-0.32.tar.gz Build failed. Add BR:perl-Test-More
Comment 2 Marcela Mašláňová 2009-04-29 16:43:34 UTC
You are fast, thank you. http://koji.fedoraproject.org/koji/taskinfo?taskID=1328927
Comment 3 Marcela Mašláňová 2009-04-29 16:44:43 UTC
Comment 4 Parag AN(पराग) 2009-04-29 16:59:17 UTC
+ make test gave All tests successful. Files=25, Tests=254, 4 wallclock secs ( 0.08 usr 0.03 sys + 3.47 cusr 0.39 csys = 3.97 CPU) + Package perl-YAML-LibYAML-0.32-2.fc12.i586 => Provides: LibYAML.so perl(YAML::LibYAML) = 0.18 perl(YAML::XS) = 0.32 perl(YAML::XS::LibYAML) Requires: libc.so.6 libc.so.6(GLIBC_2.0) libc.so.6(GLIBC_2.1.3) libc.so.6(GLIBC_2.3.4) perl >= 0:5.008003 perl(B::Deparse) perl(XSLoader) perl(YAML::XS::LibYAML) perl(base) perl(constant) perl(strict) perl(warnings) rtld(GNU_HASH) APPROVED.
Comment 5 Marcela Mašláňová 2009-04-30 06:09:37 UTC
New Package CVS Request ======================= Package Name: perl-YAML-LibYAML Short Description: YAML Serialization using XS and libyaml Owners: mmaslano Branches: F-11 InitialCC: perl-sig
Comment 6 Dennis Gilmore 2009-05-01 21:02:06 UTC
Comment 7 Mark Chappell 2010-07-01 12:58:54 UTC
Package Change Request ====================== Package Name: perl-YAML-LibYAML New Branches: EL-6 Owners: tremble https://bugzilla.redhat.com/show_bug.cgi?id=609807 + IRC : 13:42 <marca_> do you need my help or can you take them in EPEL? 13:42 <tremble> I'm quite happy to take them in EPEL, just need your approval as the Fedora owner 13:43 <marca_> ok, so I only write into bz comment 13:43 <tremble> Ok 13:44 <tremble> Would you prefer to be in there as a co-owner or would you rather just leave the EL branches to me? 13:45 * tremble thanks you. 13:45 <marca_> no, I don't have time for EL. Take it
Comment 8 Jason Tibbitts 2010-07-01 17:33:21 UTC
CVS done (by process-cvs-requests.py).
Comment 9 Petr Pisar 2014-03-27 07:27:51 UTC
Perl YAML-LibYAML bundles libyaml. lib/YAML/XS.pm: > Kirill Siminov's C<libyaml> is arguably the best YAML implementation. > The C library is written precisely to the YAML 1.1 specification. It was > originally bound to Python and was later bound to Ruby. > > This module is a Perl XS binding to libyaml which offers Perl the best > YAML support to date. However this is not just a binding. This a pure bundling because LibYAML directory copies yaml sources: $ find -name '*.c' -o -name '*.h' ./LibYAML/yaml_private.h ./LibYAML/yaml.h ./LibYAML/parser.c ./LibYAML/writer.c ./LibYAML/scanner.c ./LibYAML/perl_libyaml.h ./LibYAML/dumper.c ./LibYAML/loader.c ./LibYAML/api.c ./LibYAML/perl_libyaml.c ./LibYAML/emitter.c ./LibYAML/config.h ./LibYAML/ppport_sort.h ./LibYAML/ppport.h ./LibYAML/reader.c How is possible this review has passed?
Comment 10 Parag AN(पराग) 2014-03-27 12:23:42 UTC
Just wonder then how this can be detected in Automated Review Server??? looks like above is related to recently filed security bugs.
Comment 11 Petr Pisar 2014-03-27 13:04:41 UTC
(In reply to Parag AN(पराग) from comment #10) > Just wonder then how this can be detected in Automated Review Server??? > If bundled code does not mangle function names, one can check symbols from debuginfo against exported symbols from system libraries. Or one can check compilation source file names or compilation unit names between debuginfo packages. I've already receieved a bug report based on this heuristic. However this is the reason why the Automated Review Server, whatever it is, will never supersede human reviewer and thus I believe Fedora will always require human reviews. > looks like above is related to recently filed security bugs. Yes.
Comment 12 Parag AN(पराग) 2014-03-27 13:30:34 UTC
Petr, I just checked the package and found its bundling the source of libyaml which should have been checked at the time of initial package review but looks like got overlooked. Should this need FESCo ticket for exception? if not then this package need to be dropped.
Comment 13 Petr Pisar 2014-03-27 13:55:23 UTC
We will try to unbundle it.