Bug 509619
Summary: | Review Request: srtp - Secure Real-Time Transport Protocol (SRTP) Library | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Itamar Reis Peixoto <itamar> |
Component: | Package Review | Assignee: | Nobody's working on this, feel free to take it <nobody> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | alekcejk, fedora-package-review, herrold, jeff, lemenkov, notting, rpandit, tcallawa |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-11-01 21:41:06 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 201449 |
Description
Itamar Reis Peixoto
2009-07-04 06:19:19 UTC
It really helps if you could run rpmlint on your packages and address the output before you submit them for review. srtp-debuginfo.x86_64: E: empty-debuginfo-package You should disable the debuginfo package if you don't create a main package. srtp-devel.x86_64: W: wrong-file-end-of-line-encoding /usr/share/doc/srtp-devel-1.4.2/draft-irtf-cfrg-icm-00.txt This needs to be run through tr -d \\r or dos2unix to fix up the line endings. In addition, I feel significant unease at a security sensitive network protocol being available only as a static library. If a security issue is found, everything that linked against it will need to be rebuilt. At least one distro seems to build this as a shared library: http://www.mail-archive.com/pld-cvs-commit@lists.pld-linux.org/msg58219.html Also, version 1.4.4 seems to be current, while you've packaged 1.4.2. hi, I have ported the patch from pld linux to version 1.4.4 and sent it to upstream, waiting answer about it. updates files here, still no answer from upstream http://itamarjp.fedorapeople.org/srtp/srtp.spec http://itamarjp.fedorapeople.org/srtp/srtp-1.4.4-1.fc12.src.rpm A couple of comments, 1) Asterisk won't have SRTP support until version 1.8, which won't be available for a very long time. 2) The SRTP library appears to be abandoned by upstream. Do we really want to add another package with no upstream development? Perhaps the Asterisk, CallWeaver, FreeSwitch, etc. developers should get together and restart upstream development. Some comments about srtp.spec. 1. Versioned shared libraries libsrtp.so.0, libsrtp.so.0.0.0 should not be in -devel. They should be in main srtp package. See http://fedoraproject.org/wiki/Packaging/Guidelines#Devel_Packages 2. Main srtp package should contain description. But -devel and -static package can be with description like "Development files for %{name}." or "Static files for %{name}." I think that author name should not be in description because short description of package should be there. See http://fedoraproject.org/wiki/Packaging/Guidelines#Summary_and_description 3. Libtool archive libsrtp.la files, should not be included. See http://fedoraproject.org/wiki/Packaging/Guidelines#Packaging_Static_Libraries 4. I think that library version libsrtp.so.1 and libsrtp.so.1.0.0 (or may belibsrtp.so.1.4.4) will be more convenient. Hi Itamar, Any updates here about Comment#4 and Comment #5 ? Regards, Rakesh Pandit Update hasn't happened since a month and I pinged last week. In case there is no update in another week I will close this as deferred. Thanks, What's the status of this package? I'm starting to try and get Asterisk 1.8 built for rawhide now that F-14 has been branched off and it would be nice to enable the SRTP support. (In reply to comment #8) > What's the status of this package? I'm starting to try and get Asterisk 1.8 > built for rawhide now that F-14 has been branched off and it would be nice to > enable the SRTP support. Jeffrey, do you like to continue this review request ? I am a bit busy. also there are almost no traffic in srtp mailing list, I recommend you to try to contact srtp developers about patches. It seems that there's no upstream development and nobody with the time to address the review commentary, so I'm just going to close this ticket. If Jeffrey does want to pick this up, I urge him to open his own ticket. I'm probably going to pick this up, as libjingle 0.5.1 grew this as a dependency. I've opened a new ticket here: https://bugzilla.redhat.com/show_bug.cgi?id=656010 |