Bug 818264
Summary: | Review Request: xlwt - Spreadsheet python library | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Alec Leamas <leamas.alec> |
Component: | Package Review | Assignee: | Stanislav Ochotnicky <sochotni> |
Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | gwync, jspaleta, notting, package-review, sochotni, tcallawa |
Target Milestone: | --- | Flags: | sochotni:
fedora-review+
gwync: fedora-cvs+ |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-05-08 14:05:04 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 817271 |
Description
Alec Leamas
2012-05-02 15:26:52 UTC
Adding metadata I can do the review. Please have a look at that python-ropemode (701954). Thanks! Thanks. After reviewing your package, I got a that feeling and reviewed my own package again. Updated in-place, same links. I was already halfway through the review so I'll post it as it is and then just list still applicable stuff in another comment Package Review ============== Key: - = N/A x = Pass ! = Fail ? = Not evaluated ==== Generic ==== [x]: MUST Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: MUST Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: MUST %build honors applicable compiler flags or justifies otherwise. [x]: MUST All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines. [x]: MUST Buildroot is not present Note: Unless packager wants to package for EPEL5 this is fine [!]: MUST Package contains no bundled libraries. [x]: MUST Changelog in prescribed format. [x]: MUST Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) Note: Clean would be needed if support for EPEL is required [x]: MUST Sources contain only permissible code or content. [x]: MUST Each %files section contains %defattr if rpm < 4.4 Note: Note: defattr macros not found. They would be needed for EPEL5 [x]: MUST Macros in Summary, %description expandable at SRPM build time. [!]: MUST Package requires other packages for directories it uses. Package should probably require python (even though it is even in minimal install) [x]: MUST Package uses nothing in %doc for runtime. [x]: MUST Package is not known to require ExcludeArch. [x]: MUST Permissions on files are set properly. [x]: MUST Package does not contain duplicates in %files. [x]: MUST Spec file lacks Packager, Vendor, PreReq tags. [x]: MUST Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. Note: rm -rf would be needed if support for EPEL5 is required [-]: MUST Large documentation files are in a -doc subpackage, if required. [!]: MUST If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %doc. [!]: MUST License field in the package spec file matches the actual license. [x]: MUST Package consistently uses macros (instead of hard-coded directory names). [x]: MUST Package is named according to the Package Naming Guidelines. [x]: MUST Package does not generate any conflict. [x]: MUST Package obeys FHS, except libexecdir and /usr/target. [x]: MUST Package must own all directories that it creates. [x]: MUST Package does not own files or directories owned by other packages. [x]: MUST Package installs properly. [x]: MUST Requires correct, justified where necessary. [!]: MUST Rpmlint output is silent. rpmlint python-xlwt-0.7.4-1.fc18.src.rpm python-xlwt.src: W: invalid-license LGPL2.0 1 packages and 0 specfiles checked; 0 errors, 1 warnings. rpmlint python-xlwt-0.7.4-1.fc18.noarch.rpm python-xlwt.noarch: W: invalid-license LGPL2.0 python-xlwt.noarch: W: file-not-utf8 /usr/share/doc/python-xlwt-0.7.4/licences.py 1 packages and 0 specfiles checked; 0 errors, 2 warnings. [x]: MUST Sources used to build the package match the upstream source, as provided in the spec URL. /home/w0rm/work/projects/FedoraReview/818264/xlwt-0.7.4.tar.gz : MD5SUM this package : 231f4ff30894fc70d142b4ed1ba71cc0 MD5SUM upstream package : 231f4ff30894fc70d142b4ed1ba71cc0 [x]: MUST Spec file is legible and written in American English. [x]: MUST Spec file name must match the spec package %{name}, in the format %{name}.spec. [-]: MUST Package contains a SysV-style init script if in need of one. [x]: MUST File names are valid UTF-8. [-]: MUST Useful -debuginfo package or justification otherwise. [x]: SHOULD Reviewer should test that the package builds in mock. [!]: SHOULD If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: SHOULD Dist tag is present. [x]: SHOULD No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: SHOULD Final provides and requires are sane (rpm -q --provides and rpm -q --requires). [x]: SHOULD Package functions as described. [x]: SHOULD Latest version is packaged. [x]: SHOULD Package does not include license text files separate from upstream. [x]: SHOULD Patches link to upstream bugs/comments/lists or are otherwise justified. [x]: SHOULD SourceX is a working URL. [-]: SHOULD Description and summary sections in the package spec file contains translations for supported Non-English languages, if available. [x]: SHOULD Package should compile and build into binary rpms on all supported architectures. [!]: SHOULD %check is present and all tests pass. If possible checks available in tests/ directory should be run during %check [x]: SHOULD Packages should try to preserve timestamps of original installed files. [x]: SHOULD Spec use %global instead of %define. Issues: [!]: MUST Package contains no bundled libraries. There is antlr-python bundled: xlwt/antlr.py this needs to be unbundled, antlr-python should be put into Requires. Shouldn't be hard and it should keep working with few/no modifications of source code. Bring it up with upstream as well. Bundling is ugly practice [!]: SHOULD If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. As stated above a full license text of LGPLv2.1 should probably be included (if that is indeed the intention of upstream with utils.py). Get in touch with upstream about this. [!]: MUST If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %doc. It would be good to contact upstream and get them to include full text of LGPL in the tarballs. I also see no reason to have licenses in a Python file, but I don't particularly care about that :-) [!]: MUST License field in the package spec file matches the actual license. licences.py states that the project is a fork of pyExcelerator which was a weird BSD 4 clause that I have never seen and fedora wiki doesn't list it either. README.html and licenses.py added BSD (3 clause). And then there is xlwt/Utils.py which says LGPLv2+ I am blocking FE_LEGAL. I believe the 4-clause BSD license is most probably OK, but it needs to be added to https://fedoraproject.org/wiki/Licensing#Good_Licenses see: https://fedoraproject.org/wiki/Licensing/BSD Final License tag will most probably be something like: LGPLv2+ and BSD and BSD with attribution But we should wait on legal with this. [!]: MUST Rpmlint output is silent. rpmlint python-xlwt-0.7.4-1.fc18.src.rpm python-xlwt.src: W: invalid-license LGPL2.0 1 packages and 0 specfiles checked; 0 errors, 1 warnings. rpmlint python-xlwt-0.7.4-1.fc18.noarch.rpm python-xlwt.noarch: W: invalid-license LGPL2.0 python-xlwt.noarch: W: file-not-utf8 /usr/share/doc/python-xlwt-0.7.4/licences.py 1 packages and 0 specfiles checked; 0 errors, 2 warnings. LGPL2.0 is actually LGPLv2 (even though even that would not be correct in this case as stated above) licenses.py should be converted to UTF-8 prior to installing See: http://fedoraproject.org/wiki/Packaging/Guidelines#rpmlint Generated by fedora-review 0.2.0git External plugins: /usr/share/fedora-review/plugins/ext2.pl version: 1.0 So in short: you partially fixed the license tag, which is good. But it still contains this 4-clause BSD license: """ Copyright (C) 2005 Roman V. Kiseliov All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by Roman V. Kiseliov <roman>." 4. Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes software developed by Roman V. Kiseliov <roman>." THIS SOFTWARE IS PROVIDED BY Roman V. Kiseliov ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL Roman V. Kiseliov OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Roman V. Kiseliov Russia Kursk Libknecht St., 4 +7(0712)56-09-83 <roman> Subject: pyExcelerator """ I just noticed it would be nice to also change: %{python_sitelib}/* to: %{python_sitelib}/%{name} So future updates don't include something accidentaly. (In reply to comment #4) > I was already halfway through the review so I'll post it as it is and then just > list still applicable stuff in another comment OK [cut] > [!]: MUST Package requires other packages for directories it uses. > Package should probably require python (even though it is even in > minimal install) Done > [!]: MUST Rpmlint output is silent. It is, now. > [!]: SHOULD If the source package does not include license text(s) as a > separate file from upstream, the packager SHOULD query upstream to > include it. Done. https://github.com/python-excel/xlwt/issues/4 > [!]: SHOULD %check is present and all tests pass. > > If possible checks available in tests/ directory should be run during %check It's not, I have looked into that. It's just not what it seems to be ;) > Issues: > [!]: MUST Package contains no bundled libraries. > > There is antlr-python bundled: xlwt/antlr.py > this needs to be unbundled, antlr-python should be put into > Requires. Shouldn't be hard and it should keep working with few/no > modifications of source code. Bring it up with upstream as > well. Bundling is ugly practice Done. Link in spec, along with the patch. Good catch! > [!]: SHOULD If the source package does not include license text(s) as a > separate file from upstream, the packager SHOULD query upstream to > include it. > As stated above a full license text of LGPLv2.1 should probably be > included (if that is indeed the intention of upstream with > utils.py). Get in touch with upstream about this. Done: https://github.com/python-excel/xlwt/issues/4 > [!]: MUST If (and only if) the source package includes the text of the > license(s) in its own file, then that file, containing the text of the > license(s) for the package is included in %doc. > It would be good to contact upstream and get them to include full text > of LGPL in the tarballs. I also see no reason to have licenses in a > Python file, but I don't particularly care about that :-) > > [!]: MUST License field in the package spec file matches the actual license. [cut] > Final License tag will most probably be something like: > LGPLv2+ and BSD and BSD with attribution > > But we should wait on legal with this. OK, lets wait. I presume you handle the contacts with fedora-legal?! > [!]: MUST Rpmlint output is silent. Fixed, now silent. > licenses.py should be converted to UTF-8 prior to installing Fixed... > I just noticed it would be nice to also change: > %{python_sitelib}/* > to: > %{python_sitelib}/%{name} > > So future updates don't include something accidentaly. Not exactly that way, but fixed. Ugh. That's a modified Apache 1.0 license (which is itself BSD derived). Just for simplicity, I'm going to also call this BSD with Advertising. So: License: LGPLv2+ and BSD and BSD with advertising You might want to try to get upstream to simplify down to just one BSD, but it's not a Fedora blocker. Lifting FE-Legal. (In reply to comment #7) Thanks for fast reply! > Ugh. That's a modified Apache 1.0 license (which is itself BSD derived). > > Just for simplicity, I'm going to also call this BSD with Advertising. > > So: > > License: LGPLv2+ and BSD and BSD with advertising > Fixed Also added %check, after reading the code again. Sometimes, being wrong is the right thing ;) Still updating in-place, same links and release. And I have actually submitted a pull request for all items on github :) https://github.com/python-excel/xlwt/pull/6 Will talk to upstream about streamlining licenses after current open issues have settled. All looks good now. APPROVED Thanks for the review. And for the lesson on licensing... New Package SCM Request ======================= Package Name: xlwt Short Description: Spreadsheet python library Owners: leamas Branches: f16 f17 InitialCC: Git done (by process-git-requests). This is a total disaster. I requested the wrong name. Is it possible to kill the empty repo and process below? Still Another Package SCM Request ================================== Package Name: python-xlwt <-------------- Short Description: Spreadsheet python library Owners: leamas Branches: f16 f17 InitialCC: Git done (by process-git-requests). No worries, I removed xlwt from git, retired it in pkgdb, and created python-xlwt. In the future, though, stick to the template for SCM requests, the one in #12 confused our tool a bit. :) In the future, let's assume I'll never, ever submit such a request as comment #12 again :( - and thus stick to the template. Build OK for rawhide, F16, F17. I don't intend to build for F15. Closing. *** Bug 613766 has been marked as a duplicate of this bug. *** |