Spec URL: https://raphgro.fedorapeople.org/review/paintown/paintown.spec
SRPM URL: https://raphgro.fedorapeople.org/review/paintown/paintown-3.6.0-0.1.fc20.src.rpm
Description: Side-scrolling, action packed and fighting beatem-up game
Fedora Account System Username: raphgro
Test builds: https://copr.fedoraproject.org/coprs/raphgro/Paintown/builds
Known but open issues:
paintown.x86_64: E: missing-call-to-setgroups-before-setuid /usr/bin/paintown-bin
This executable is calling setuid and setgid without setgroups or initgroups.
There is a high probability this means it didn't relinquish all groups, and
this would be a potential security issue to be fixed. Seek POS36-C on the web
for details about the problem.
- further see my comments annotated FIXME and TODO in spec file
Koji scratch build is N/A for me cause of the SRPM size (86M).
cmake does not allow to build inside source (mkdir build).
Reported missing-call-to-setgroups-before-setuid to upstream:
Not a real blocker, but still some punishment to abrt: bug 1150241.
Taken :) Review will follow soon.
fedora-review doesn't work :( I'm reviewing against rawhide, but I use a Fedora 20 machine for this. Maybe the reason?
INFO: Processing bugzilla bug: 1150637
INFO: Getting .spec and .srpm Urls from : 1150637
INFO: --> SRPM url: https://raphgro.fedorapeople.org/review/paintown/paintown-3.6.0-0.1.fc20.src.rpm
INFO: --> Spec url: https://raphgro.fedorapeople.org/review/paintown/paintown.spec
INFO: Using review directory: /home/packaging/1150637-paintown
INFO: Downloading .spec and .srpm files
error: line 38: Unknown tag: Suggests: paintown-editor
ERROR: "Can't parse specfile: can't parse specfile\n" (logs in /home/packaging/.cache/fedora-review.log)
Added to legal tracker, I'm really unsure about the data files, when I have a look at the LEGAL file I get scared :( And no license for the fonts :( License stuff has to be checked before I will go on with the review.
Created attachment 950823 [details]
LEGAL file containing "licenses" of data stuff
LEGAL file containing "licenses" of data stuff. I'm very unsure about this.
Created attachment 950852 [details]
Output from licensecheck
Heavy licence issues here. I am not able to patch all that crap. Please work with upstream if you still want see that nice game in Fedora.
Had a more detailed look into license stuff. Imho it is not possible to include this into Fedora at this point. The package contains microsoft fonts (arial.ttf) as well as other data files with unclear license. For some of the files mentioned in LEGAL file even the author is unknown. I would set fedora-review- flag now, but you already canceled this :) Thank you for this.
Maybe with a huge amount of work (on upstream level) it is possible to fix these issues, but as there are so many files without license info...