Bug 1150637 - Review Request: paintown - action beatem-up game
Summary: Review Request: paintown - action beatem-up game
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Christian Dersch
QA Contact: Fedora Extras Quality Assurance
Whiteboard: NotReady
Depends On: 1150241
Blocks: FE-Legal
TreeView+ depends on / blocked
Reported: 2014-10-08 14:51 UTC by Raphael Groner
Modified: 2014-10-26 22:17 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2014-10-26 22:11:39 UTC
Type: ---
lupinix.fedora: fedora-review-

Attachments (Terms of Use)
LEGAL file containing "licenses" of data stuff (9.31 KB, text/plain)
2014-10-26 17:30 UTC, Christian Dersch
no flags Details
Output from licensecheck (88.16 KB, text/plain)
2014-10-26 22:06 UTC, Christian Dersch
no flags Details

Description Raphael Groner 2014-10-08 14:51:38 UTC
Spec URL: https://raphgro.fedorapeople.org/review/paintown/paintown.spec
SRPM URL: https://raphgro.fedorapeople.org/review/paintown/paintown-3.6.0-0.1.fc20.src.rpm
Description: Side-scrolling, action packed and fighting beatem-up game
Fedora Account System Username: raphgro

Test builds: https://copr.fedoraproject.org/coprs/raphgro/Paintown/builds

Known but open issues:

paintown.x86_64: E: missing-call-to-setgroups-before-setuid /usr/bin/paintown-bin
This executable is calling setuid and setgid without setgroups or initgroups.
There is a high probability this means it didn't relinquish all groups, and
this would be a potential security issue to be fixed. Seek POS36-C on the web
for details about the problem.

- further see my comments annotated FIXME and TODO in spec file

Comment 1 Raphael Groner 2014-10-08 15:37:38 UTC
Koji scratch build is N/A for me cause of the SRPM size (86M).

cmake does not allow to build inside source (mkdir build).

Reported missing-call-to-setgroups-before-setuid to upstream: 

Comment 2 Raphael Groner 2014-10-11 16:19:53 UTC
Not a real blocker, but still some punishment to abrt: bug 1150241.

Comment 3 Christian Dersch 2014-10-26 16:10:08 UTC
Taken :) Review will follow soon.

Comment 4 Christian Dersch 2014-10-26 16:32:05 UTC
fedora-review doesn't work :( I'm reviewing against rawhide, but I use a Fedora 20 machine for this. Maybe the reason?

Finish: run
INFO: Processing bugzilla bug: 1150637
INFO: Getting .spec and .srpm Urls from : 1150637
INFO:   --> SRPM url: https://raphgro.fedorapeople.org/review/paintown/paintown-3.6.0-0.1.fc20.src.rpm
INFO:   --> Spec url: https://raphgro.fedorapeople.org/review/paintown/paintown.spec
INFO: Using review directory: /home/packaging/1150637-paintown
INFO: Downloading .spec and .srpm files
error: line 38: Unknown tag: Suggests:       paintown-editor
ERROR: "Can't parse specfile: can't parse specfile\n" (logs in /home/packaging/.cache/fedora-review.log)

Comment 5 Christian Dersch 2014-10-26 17:26:16 UTC
Added to legal tracker, I'm really unsure about the data files, when I have a look at the LEGAL file I get scared :( And no license for the fonts :( License stuff has to be checked before I will go on with the review.

Comment 6 Christian Dersch 2014-10-26 17:30:42 UTC
Created attachment 950823 [details]
LEGAL file containing "licenses" of data stuff

LEGAL file containing "licenses" of data stuff. I'm very unsure about this.

Comment 7 Christian Dersch 2014-10-26 22:06:07 UTC
Created attachment 950852 [details]
Output from licensecheck

Comment 8 Raphael Groner 2014-10-26 22:11:39 UTC
Heavy licence issues here. I am not able to patch all that crap. Please work with upstream if you still want see that nice game in Fedora.

Comment 9 Christian Dersch 2014-10-26 22:16:19 UTC
Had a more detailed look into license stuff. Imho it is not possible to include this into Fedora at this point. The package contains microsoft fonts (arial.ttf) as well as other data files with unclear license. For some of the files mentioned in LEGAL file even the author is unknown. I would set fedora-review- flag now, but you already canceled this :) Thank you for this.

Maybe with a huge amount of work (on upstream level) it is possible to fix these issues, but as there are so many files without license info...


Note You need to log in before you can comment on or make changes to this bug.