Spec URL: https://raphgro.fedorapeople.org/review/paintown/paintown.spec
SRPM URL: https://raphgro.fedorapeople.org/review/paintown/paintown-3.6.0-0.1.fc20.src.rpm
Description: Side-scrolling, action packed and fighting beatem-up game
Fedora Account System Username: raphgro
Test builds: https://copr.fedoraproject.org/coprs/raphgro/Paintown/builds

Known but open issues:

paintown.x86_64: E: missing-call-to-setgroups-before-setuid /usr/bin/paintown-bin
This executable is calling setuid and setgid without setgroups or initgroups. There is a high probability this means it didn't relinquish all groups, and this would be a potential security issue to be fixed. Seek POS36-C on the web for details about the problem.

- further see my comments annotated FIXME and TODO in spec file
Koji scratch build is N/A for me because of the SRPM size (86M). cmake does not allow building inside the source tree (mkdir build). Reported missing-call-to-setgroups-before-setuid to upstream: https://sourceforge.net/p/paintown/discussion/paintown/thread/4b09c1b0/
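The rpmlint error quoted in the review request describes a condition on the calls a binary imports: setuid and setgid are present, setgroups or initgroups is not. The sketch below is an added example, not part of the original thread and not rpmlint's own code; it applies that condition to `nm -D` style output, and the function names and both symbol listings are constructed for illustration.

```python
import re

# Calls that change user or group identity (setuid, seteuid, setresgid, ...).
UID_CALL = re.compile(r"^set(?:e|re|res)?uid$")
GID_CALL = re.compile(r"^set(?:e|re|res)?gid$")
# Calls that reset the supplementary group list.
GROUPS_CALL = re.compile(r"^(?:set|init)groups$")

# Constructed sample: drops uid and gid but never touches supplementary groups.
FLAGGED_SAMPLE = """\
                 U getuid@GLIBC_2.2.5
                 U setgid@GLIBC_2.2.5
                 U setuid@GLIBC_2.2.5
0000000000401136 T main
"""

# Constructed sample: same binary after adding a setgroups() call.
CLEAN_SAMPLE = FLAGGED_SAMPLE + "                 U setgroups@GLIBC_2.2.5\n"


def imported_symbols(nm_output):
    """Return the undefined (imported) symbol names in `nm -D` style text."""
    symbols = set()
    for line in nm_output.splitlines():
        fields = line.split()
        # Undefined symbols have no address column: "U name@VERSION".
        if len(fields) >= 2 and fields[-2] == "U":
            symbols.add(fields[-1].split("@", 1)[0])
    return symbols


def check_privilege_drop(nm_output):
    """Flag binaries that import setuid and setgid style calls but no
    setgroups/initgroups, the condition the rpmlint message describes."""
    syms = imported_symbols(nm_output)
    uid_calls = {s for s in syms if UID_CALL.match(s)}
    gid_calls = {s for s in syms if GID_CALL.match(s)}
    has_groups = any(GROUPS_CALL.match(s) for s in syms)
    return {
        "flagged": bool(uid_calls and gid_calls and not has_groups),
        "identity_calls": sorted(uid_calls | gid_calls),
    }


if __name__ == "__main__":
    for name, sample in (("flagged", FLAGGED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(name, check_privilege_drop(sample))
```

A check on imported symbols cannot see call order, so a clean result still leaves the source to be read to confirm that the group list is reset before the uid is dropped.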
Not a real blocker, but still some punishment to abrt: bug 1150241.
Taken :) Review will follow soon.
fedora-review doesn't work :( I'm reviewing against rawhide, but I use a Fedora 20 machine for this. Maybe the reason?

Finish: run
INFO: Processing bugzilla bug: 1150637
INFO: Getting .spec and .srpm Urls from : 1150637
INFO: --> SRPM url: https://raphgro.fedorapeople.org/review/paintown/paintown-3.6.0-0.1.fc20.src.rpm
INFO: --> Spec url: https://raphgro.fedorapeople.org/review/paintown/paintown.spec
INFO: Using review directory: /home/packaging/1150637-paintown
INFO: Downloading .spec and .srpm files
error: line 38: Unknown tag: Suggests: paintown-editor
ERROR: "Can't parse specfile: can't parse specfile\n" (logs in /home/packaging/.cache/fedora-review.log)
Added to legal tracker. I'm really unsure about the data files; when I have a look at the LEGAL file I get scared :( And no license for the fonts :( License stuff has to be checked before I will go on with the review.
Created attachment 950823
LEGAL file containing "licenses" of data stuff. I'm very unsure about this.
Created attachment 950852
Output from licensecheck
Heavy licence issues here. I am not able to patch all that crap. Please work with upstream if you still want to see that nice game in Fedora.
Had a more detailed look into license stuff. IMHO it is not possible to include this into Fedora at this point. The package contains Microsoft fonts (arial.ttf) as well as other data files with unclear license. For some of the files mentioned in the LEGAL file even the author is unknown. I would set fedora-review- flag now, but you already canceled this :) Thank you for this. Maybe with a huge amount of work (on upstream level) it is possible to fix these issues, but as there are so many files without license info...

Greetings,
Christian