Bug 680657

A mail has been sent to legal to clarify whether the presence of one file with a different license is acceptable.

As long as there are no license compatibility issues and the licenses are all properly accounted for according to the packaging guidelines, why wouldn't it be acceptable?  This should already be covered by the existing documentation: http://fedoraproject.org/wiki/Packaging:LicensingGuidelines#Multiple_Licensing_Scenarios

Or do I misunderstand the situation here?

@Jason,

Ok, currently the license of this md5.cpp file is not mentioned in the spec file. That has to be done. However I am unable to find out what license that file is under. The text seems to match MIT license but not word for word.

@sanjay.ankur , can you have a look at that file as well? It is md5.cpp

(In reply to comment #3)
> @Jason,
> 
> Ok, currently the license of this md5.cpp file is not mentioned in the spec
> file. That has to be done. However I am unable to find out what license that
> file is under. The text seems to match MIT license but not word for word.
> 
> @sanjay.ankur , can you have a look at that file as well? It is
> md5.cpp

It looks like a variant of the BSD license. This one in particular is pretty close to the license statement of md5.cpp :

http://fedoraproject.org/wiki/Licensing/BSD#Hybrid_BSD_.28half_BSD.2C_half_zlib.29

Jason, how do you suggest I proceed?

Thanks,
Ankur

Well, the first barrier here is that, as is often the case when you have one piece of code with an odd license, this is a bundled library.  Is this one of the md5 libraries we've already approved for bundling?  https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries

If so you'll at minimum need to add the Provides: bundled(md5-whatever) bit.  If not, FPC will need to review the situation.

As for the license issue, of course the license of the actual files present in the binary package are significant (as told in the URLs I've already provided).  If it is not obvious how the licenses combine, you will need to get an opinion from the legal folks.

(In reply to comment #5)
> Well, the first barrier here is that, as is often the case when you have one
> piece of code with an odd license, this is a bundled library.  Is this one of
> the md5 libraries we've already approved for bundling? 
> https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries
> 
> If so you'll at minimum need to add the Provides: bundled(md5-whatever) bit. 
> If not, FPC will need to review the situation.
> 
> As for the license issue, of course the license of the actual files present in
> the binary package are significant (as told in the URLs I've already provided).
>  If it is not obvious how the licenses combine, you will need to get an opinion
> from the legal folks.

Hey,

It appears to be the "Peter Deutsch's version: bundled(md5-deutsch) " version.
I've added a virtual provides.

SPEC:http://ankursinha.fedorapeople.org/mpdas/mpdas.spec
SRPM:http://ankursinha.fedorapeople.org/mpdas/mpdas-0.3.0-2.fc14.src.rpm


rpmlint outputs: (They don't look major, I'll look into them as the review progresses)

[ankur@ankur SPECS]$ rpmlint mpdas.spec ../SRPMS/mpdas-0.3.0-2.fc14.src.rpm ../RPMS/x86_64/mpdas-0.3.0-2.fc14.x86_64.rpm
mpdas.spec:15: W: unversioned-explicit-provides bundled(md5-deutsch)
mpdas.spec:29: W: rpm-buildroot-usage %build CXXFLAGS=$RPM_OPT_FLAGS PREFIX=$RPM_BUILD_ROOT%{_prefix} MANPREFIX=$RPM_BUILD_ROOT%{_mandir}
mpdas.spec:15: W: mixed-use-of-spaces-and-tabs (spaces: line 1, tab: line 15)
mpdas.src: W: spelling-error Summary(en_US) audioscrobbling -> audiological, audiocassette, audiovisuals
mpdas.src: W: spelling-error Summary(en_US) clien -> cline, lien, client
mpdas.src: W: spelling-error %description -l en_US libmpd -> libido, limpid, Librium
mpdas.src: W: spelling-error %description -l en_US libcurl -> lib curl, lib-curl, liberal
mpdas.src:15: W: unversioned-explicit-provides bundled(md5-deutsch)
mpdas.src:29: W: rpm-buildroot-usage %build CXXFLAGS=$RPM_OPT_FLAGS PREFIX=$RPM_BUILD_ROOT%{_prefix} MANPREFIX=$RPM_BUILD_ROOT%{_mandir}
mpdas.src:15: W: mixed-use-of-spaces-and-tabs (spaces: line 1, tab: line 15)
mpdas.x86_64: W: spelling-error Summary(en_US) audioscrobbling -> audiological, audiocassette, audiovisuals
mpdas.x86_64: W: spelling-error Summary(en_US) clien -> cline, lien, client
mpdas.x86_64: W: spelling-error %description -l en_US libmpd -> libido, limpid, Librium
mpdas.x86_64: W: spelling-error %description -l en_US libcurl -> lib curl, lib-curl, liberal
2 packages and 1 specfiles checked; 0 errors, 14 warnings.

Thanks!
Ankur

Hi Ankur,
I checked the spec. Looks fine. 

Two issues.
1) There is a tab/space issue which can be fixed. 
2) rpmlint warns about very small size of the debuginfo package. I found that the RPM_OPT_FLAGS are not being honoured when the build is happening and hence the small  size. I built the package using make command, passing the RPM_OPT_FLAGS and the debuginfo package is around 124-130 KB.  rpmlint doesn't complain about this package.

I made this change to the spec file in %build section
   export CXXFLAGS=$RPM_OPT_FLAGS && make CONFIG=%{_sysconfdir}
but not sure whether this is the right way to make the build accept the CXXFLAGS.

Hey,

Fresh builds:

http://ankursinha.fedorapeople.org/mpdas/mpdas.spec

http://ankursinha.fedorapeople.org/mpdas/mpdas-0.3.0-2.fc16.i686.rpm

The tap spacing has been corrected. 

rpmlint doesn't complain about the debuginfo anymore. I'll confirm the usage of CFLAGS etc though


[ankur@ankur SPECS]$ rpmlint mpdas.spec ../SRPMS/mpdas-0.3.0-2.fc14.src.rpm /var/lib/mock/fedora-rawhide-i386/result/*.rpm
mpdas.spec:15: W: unversioned-explicit-provides bundled(md5-deutsch)
mpdas.spec:29: W: rpm-buildroot-usage %build export CONFIG="%{_sysconfdir}" PREFIX="$RPM_BUILD_ROOT%{_prefix}" MANPREFIX="$RPM_BUILD_ROOT%{_mandir}" CXXFLAGS+="$RPM_OPT_FLAGS"
mpdas.src: W: spelling-error Summary(en_US) audioscrobbling -> audiological, audiocassette, audiovisuals
mpdas.src: W: spelling-error %description -l en_US libmpd -> libido, limpid, Librium
mpdas.src: W: spelling-error %description -l en_US libcurl -> lib curl, lib-curl, liberal
mpdas.src:15: W: unversioned-explicit-provides bundled(md5-deutsch)
mpdas.src:29: W: rpm-buildroot-usage %build export CONFIG="%{_sysconfdir}" PREFIX="$RPM_BUILD_ROOT%{_prefix}" MANPREFIX="$RPM_BUILD_ROOT%{_mandir}" CXXFLAGS+="$RPM_OPT_FLAGS"
mpdas.i686: W: spelling-error Summary(en_US) audioscrobbling -> audiological, audiocassette, audiovisuals
mpdas.i686: W: spelling-error %description -l en_US libmpd -> libido, limpid, Librium
mpdas.i686: W: spelling-error %description -l en_US libcurl -> lib curl, lib-curl, liberal
mpdas.src: W: spelling-error Summary(en_US) audioscrobbling -> audiological, audiocassette, audiovisuals
mpdas.src: W: spelling-error %description -l en_US libmpd -> libido, limpid, Librium
mpdas.src: W: spelling-error %description -l en_US libcurl -> lib curl, lib-curl, liberal
mpdas.src:15: W: unversioned-explicit-provides bundled(md5-deutsch)
mpdas.src:29: W: rpm-buildroot-usage %build export CONFIG="%{_sysconfdir}" PREFIX="$RPM_BUILD_ROOT%{_prefix}" MANPREFIX="$RPM_BUILD_ROOT%{_mandir}" CXXFLAGS+="$RPM_OPT_FLAGS"
4 packages and 1 specfiles checked; 0 errors, 15 warnings.


Thanks,
Ankur

src rpm at this location http://ankursinha.fedorapeople.org/mpdas/mpdas-0.3.0-2.fc16.src.rpm

[+]MUST: rpmlint must be run on every package. The output should be posted in the review.
rpmlint  -i *.rpm mpdas.spec 
mpdas.i686: W: spelling-error Summary(en_US) audioscrobbling -> audiological, audiocassette, audiovisuals
The value of this tag appears to be misspelled. Please double-check.

mpdas.i686: W: spelling-error %description -l en_US libmpd -> libido, limpid, Librium
The value of this tag appears to be misspelled. Please double-check.

mpdas.i686: W: spelling-error %description -l en_US libcurl -> lib curl, lib-curl, Liberal
The value of this tag appears to be misspelled. Please double-check.

mpdas.src: W: spelling-error Summary(en_US) audioscrobbling -> audiological, audiocassette, audiovisuals
The value of this tag appears to be misspelled. Please double-check.

mpdas.src: W: spelling-error %description -l en_US libmpd -> libido, limpid, Librium
The value of this tag appears to be misspelled. Please double-check.

mpdas.src: W: spelling-error %description -l en_US libcurl -> lib curl, lib-curl, Liberal
The value of this tag appears to be misspelled. Please double-check.

mpdas.src:15: W: unversioned-explicit-provides bundled(md5-deutsch)
The specfile contains an unversioned Provides: token, which will match all
older, equal, and newer versions of the provided thing.  This may cause update
problems and will make versioned dependencies, obsoletions and conflicts on
the provided thing useless -- make the Provides versioned if possible.

mpdas.src:29: W: rpm-buildroot-usage %build export CONFIG="%{_sysconfdir}" PREFIX="$RPM_BUILD_ROOT%{_prefix}" MANPREFIX="$RPM_BUILD_ROOT%{_mandir}" CXXFLAGS+="$RPM_OPT_FLAGS"
$RPM_BUILD_ROOT should not be touched during %build or %prep stage, as it may
break short circuit builds.

mpdas.spec:15: W: unversioned-explicit-provides bundled(md5-deutsch)
The specfile contains an unversioned Provides: token, which will match all
older, equal, and newer versions of the provided thing.  This may cause update
problems and will make versioned dependencies, obsoletions and conflicts on
the provided thing useless -- make the Provides versioned if possible.

Looks fine according t o http://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries#Packages_granted_exceptions

mpdas.spec:29: W: rpm-buildroot-usage %build export CONFIG="%{_sysconfdir}" PREFIX="$RPM_BUILD_ROOT%{_prefix}" MANPREFIX="$RPM_BUILD_ROOT%{_mandir}" CXXFLAGS+="$RPM_OPT_FLAGS"
$RPM_BUILD_ROOT should not be touched during %build or %prep stage, as it may
break short circuit builds.

False alarm.

3 packages and 1 specfiles checked; 0 errors, 10 warnings.

[+]MUST: The package must be named according to the Package Naming Guidelines.
[+]MUST: The spec file name must match the base package %{name}, in the format %{name}.spec
[+]MUST: The package must meet the Packaging Guidelines.
        Naming-Yes
        Version-release - Matches
        No prebuilt external bits - OK
        Spec legibity - OK
        Package template - OK
        Arch support - OK, built on i686
        Libexecdir - OK
        rpmlint - yes
        changelogs - OK
        Source url tag  - OK, validated.
        Buildroot is ignored - present anyway. OK
        %clean is ignored - present anyway. OK
        Build Requires list - OK
        Summary and description - OK

[+]MUST: The package must be licensed with a Fedora approved license and meet the Licensing Guidelines .
[+]MUST: The License field in the package spec file must match the actual license.
[+]MUST: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package must be included in %doc.
License file is included.
[+]MUST: The spec file must be written in American English.
[+]MUST: The spec file for the package MUST be legible.
[+]MUST: The sources used to build the package must match the upstream source,as provided in the spec URL. Reviewers should use md5sum for this task.

 mpdas-0.3.0-2.fc16.src/mpdas-0.3.0.tar.bz2 
d9f6e4d3b000d95835f39fb1aa3f4b28  mpdas-0.3.0-2.fc16.src/mpdas-0.3.0.tar.bz2

md5sum mpdas-0.3.0.tar.bz2 
d9f6e4d3b000d95835f39fb1aa3f4b28  mpdas-0.3.0.tar.bz2

[+]MUST: The package MUST successfully compile and build into binary rpms on at least one primary architecture.
Built on i686.
[+]MUST: If the package does not successfully compile, build or work on an architecture, then those architectures should be listed in the spec in
ExcludeArch.
[+]MUST: All build dependencies must be listed in BuildRequires.
[NA]MUST: The spec file MUST handle locales properly using the %find_lang macro
[NA]MUST: Packages stores shared library files must call ldconfig in %post and %postun.
[+]MUST: Packages must NOT bundle copies of system libraries.
Checked with rpmquery --list
[NA]MUST: If the package is designed to be relocatable, the packager must state this fact in the request for review.
[+]MUST: A package must own all directories that it creates.
[+]MUST: A Fedora package must not list a file more than once in the spec file's %files listings.
[+]MUST: Permissions on files must be set properly.
[+]MUST: Each package must consistently use macros.
[+]MUST: The package must contain code, or permissible content.
[+]MUST: Large documentation files must go in a -doc subpackage.
[+]MUST: If a package includes something as %doc, it must not affect the runtime of the application.
[NA]MUST: Header files must be in a -devel package.
[NA]MUST: Static libraries must be in a -static package.
[NA]MUST: If a package contains library files with a suffix (e.g.libfoo.so.1.1), then library files that end in .so (without suffix) must go in a -devel package.
[NA]MUST: devel packages must require the base package using a fully versioned dependency: Requires: {name} = %{version}-%{release}
[NA]MUST: Packages must NOT contain any .la libtool archives, these must be removed in the spec if they are built.
[NA]MUST: Packages containing GUI applications must include a %{name}.desktop file, and that file must be properly installed with desktop-file-install in the %install section
[+]MUST: Packages must not own files or directories already owned by other packages.
[+]MUST: At the beginning of %install, each package MUST run rm -rf %{buildroot} (or $RPM_BUILD_ROOT).
[+] MUST: Each package must have a %clean section, which contains rm -rf %{buildroot} (or $RPM_BUILD_ROOT).
[+]MUST: All filenames in rpm packages must be valid UTF-8.

Should items
[+]SHOULD: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it.
[+]SHOULD: The reviewer should test that the package functions as described.
Installation is fine. Executable runs fine.
[+]SHOULD: If scriptlets are used, those scriptlets must be sane.

APPROVED.

Thanks!!

New Package SCM Request
=======================
Package Name: mpdas
Short Description: An MPD audioscrobbling client
Owners: ankursinha
Branches: f14 f15
InitialCC:

Git done (by process-git-requests).

mpdas-0.3.0-2.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/mpdas-0.3.0-2.fc15

mpdas-0.3.0-2.fc15 has been pushed to the Fedora 15 testing repository.

mpdas-0.3.0-2.fc15 has been pushed to the Fedora 15 stable repository.