Bug 736516
| Summary: | Review Request: xml-security - Implementation of W3C security standards for XML | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Andy Grimm <agrimm> |
| Component: | Package Review | Assignee: | Alexander Kurtakov <akurtako> |
| Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 16 | CC: | akurtako, jgoulding, notting, package-review |
| Target Milestone: | --- | Flags: | akurtako:
fedora-review+
gwync: fedora-cvs+ |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-10-18 08:38:50 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Andy Grimm
2011-09-07 21:49:40 UTC
I'll do this one. Package Review
==============
Key:
- = N/A
x = Check
! = Problem
? = Not evaluated
=== REQUIRED ITEMS ===
[x] Rpmlint output:
xml-security-demo.noarch: W: no-documentation
[x] Package is named according to the Package Naming Guidelines[1].
[x] Spec file name must match the base package name, in the format %{name}.spec.
[x] Package meets the Packaging Guidelines[2].
[x] Package successfully compiles and builds into binary rpms.
[x] Buildroot definition is not present
[x] Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines[3,4].
[x] License field in the package spec file matches the actual license.
License type:ASL 2.0
[x] If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %doc.
[!] All independent sub-packages have license of their own
[x] Spec file is legible and written in American English.
[x] Sources used to build the package matches the upstream source, as provided in the spec URL.
MD5SUM this package :a5d45bf2eb369fcc323519733beea25c
MD5SUM upstream package:a5d45bf2eb369fcc323519733beea25c
[x] All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines[5].
[x] Package must own all directories that it creates.
[x] Package requires other packages for directories it uses.
[x] Package does not contain duplicates in %files.
[x] File sections do not contain %defattr(-,root,root,-) unless changed with good reason
[x] Permissions on files are set properly.
[x] Package does NOT have a %clean section which contains rm -rf %{buildroot} (or $RPM_BUILD_ROOT). (not needed anymore)
[x] Package consistently uses macros (no %{buildroot} and $RPM_BUILD_ROOT mixing)
[x] Package contains code, or permissable content.
[x] Fully versioned dependency in subpackages, if present.
[-] Package contains a properly installed %{name}.desktop file if it is a GUI application.
[x] Package does not own files or directories owned by other packages.
[x] Javadoc documentation files are generated and included in -javadoc subpackage
[x] Javadocs are placed in %{_javadocdir}/%{name} (no -%{version} symlinks)
[x] Packages have proper BuildRequires/Requires on jpackage-utils
[x] Javadoc subpackages have Require: jpackage-utils
[!] Package uses %global not %define
[-] If package uses tarball from VCS include comment how to re-create that tarball (svn export URL, git clone URL, ...)
[x] If source tarball includes bundled jar/class files these need to be removed prior to building
[x] All filenames in rpm packages must be valid UTF-8.
[x] Jar files are installed to %{_javadir}/%{name}.jar (see [6] for details)
[x] If package contains pom.xml files install it (including depmaps) even when building with ant
[x] pom files has correct add_maven_depmap
=== Maven ===
[x] Use %{_mavenpomdir} macro for placing pom files instead of %{_datadir}/maven2/poms
[-] If package uses "-Dmaven.test.skip=true" explain why it was needed in a comment
[-] If package uses custom depmap "-Dmaven.local.depmap.file=*" explain why it's needed in a comment
[x] Package DOES NOT use %update_maven_depmap in %post/%postun
[x] Packages DOES NOT have Requires(post) and Requires(postun) on jpackage-utils for %update_maven_depmap macro
=== Other suggestions ===
[x] If possible use upstream build method (maven/ant/javac)
[x] Avoid having BuildRequires on exact NVR unless necessary
[x] Package has BuildArch: noarch (if possible)
[x] Latest version is packaged.
[x] Reviewer should test that the package builds in mock.
=== Issues ===
1.Demo package is independant but is missing license
2. Use %global instead of %define
3. ant-trax and ant-nodeps are merged into ant please don't require them
4. xml-commons-apis-1.3 are used please use xml-commons-apis (version 1.4) if at all needed. I tried and it works fine locally without it.
5. There is an empty export CLASSPATH= , it does nothing, remove it
6. export OPT_JAR_LIST=.... is for ant installation where plugins are not setup correctly, not needed on fedora, remove it
I have corrected the issues mentioned above: SPEC: https://downloads.eucalyptus.com/software/devel/fedora-16/SPECS/xml-security.spec SRPM: https://downloads.eucalyptus.com/software/devel/fedora-16/SRPMS/xml-security-1.4.5-2.fc16.src.rpm Thanks, APPROVED New Package SCM Request ======================= Package Name: xml-security Short Description: Implementation of W3C security standards for XML Owners: arg Git done (by process-git-requests). |