Spec URL: https://shadowd.zecure.org/files/redhat/shadowd.spec SRPM URL: https://shadowd.zecure.org/files/redhat/shadowd-1.0.0-1.fc21.src.rpm Description: Shadow Daemon is a collection of tools to detect, protocol and prevent attacks on web applications. Technically speaking, Shadow Daemon is a web application firewall that intercepts requests and filters out malicious parameters. It is a modular system that separates web application, analysis and interface to increase security, flexibility and expandability. This component is the background server that handles the analysis and storage of requests. Fedora Account System Username: zithb This is my first package and I need a sponsor. I am also the upstream maintainer of the project. A Koji report can be found here: http://koji.fedoraproject.org/koji/taskinfo?taskID=8719873 Thanks in advance!
This is an unofficial review. Skimming through the spec file and a quick review made me point out following problems. Please have a look at points below. - You should either macro style (%{buildroot}) or variable style ($RPM_BUILD_ROOT) consistently throughout the spec file. Mixing both of these is bad from usability point of view. Please use one style throughout the spec file. See : http://fedoraproject.org/wiki/Packaging:Guidelines#Using_.25.7Bbuildroot.7D_and_.25.7Boptflags.7D_vs_.24RPM_BUILD_ROOT_and_.24RPM_OPT_FLAGS - defattr is not needed for rpm >=4.4. See : http://fedoraproject.org/wiki/Packaging:Guidelines#File_Permissions - rpmlint output : Checking: shadowd-1.0.0-1.fc21.x86_64.rpm shadowd-1.0.0-1.fc21.src.rpm shadowd.x86_64: E: explicit-lib-dependency libdbi-dbd-mysql shadowd.x86_64: E: explicit-lib-dependency libdbi-dbd-pgsql shadowd.x86_64: W: spelling-error %description -l en_US expandability -> expand ability, expand-ability, dependability shadowd.x86_64: W: non-standard-gid /etc/shadowd/shadowd.ini shadowd shadowd.x86_64: E: non-readable /etc/shadowd/shadowd.ini 0640L shadowd.src: W: spelling-error %description -l en_US expandability -> expand ability, expand-ability, dependability shadowd.src: W: strange-permission shadowd.spec 0666L shadowd.src: W: strange-permission shadowd.service 0666L shadowd.src: W: strange-permission shadowd-1.0.0.tar.gz 0666L 2 packages and 0 specfiles checked; 3 errors, 6 warnings.
Okay, I updated it. Some of the rpmlint output will remain: * libdbi-dbd-mysql and libdbi-dbd-pgsql are runtime dependencies that are not detected automatically * expandability is not in this dictionary, but it is not an uncommon word either * the permissions and owner of shadowd.ini are security requirements
Also it would be better to have each BR in a separate line. That is easier to review in git when there is a change.
Also, please increase the release next time you adjust the SPEC, it makes it easier to compare SRPMS.
This is an automatic check from review-stats script. This review request ticket hasn't been updated for some time. We're sorry it is taking so long. If you're still interested in packaging this software into Fedora repositories, please respond to this comment clearing the NEEDINFO flag. You may want to update the specfile and the src.rpm to the latest version available and to propose a review swap on Fedora devel mailing list to increase chances to have your package reviewed. If this is your first package and you need a sponsor, you may want to post some informal reviews. Read more at https://fedoraproject.org/wiki/How_to_get_sponsored_into_the_packager_group. Without any reply, this request will shortly be considered abandoned and will be closed. Thank you for your patience.
Hi @hb, Do you still want this package to be reviewed?
(In reply to Didik Supriadi from comment #6) > Hi @hb, > Do you still want this package to be reviewed? Hi Didik, thanks, it is not necessary anymore. I have stopped providing Red Hat packages and now distribute it as a Docker image only.