Bug 198691 - Review Request: steghide - A Steganography Program
Review Request: steghide - A Steganography Program
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Chris Weyl
Fedora Package Reviews List
: Reopened
Depends On:
Blocks: FE-ACCEPT
  Show dependency treegraph
 
Reported: 2006-07-12 16:15 EDT by Jochen Schmitt
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-07-24 11:13:10 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jochen Schmitt 2006-07-12 16:15:31 EDT
Spec: http://www.herr-schmitt.de/pub/steghide/steghide.spec
SRPM: http://www.herr-schmitt.de/pub/steghide/steghide-0.5.1-1.src.rpm

Steghide is a steganography program that is able to hide data in various kinds
of image- and audio-files. The color- respectivly sample-frequencies are not
changed thus making the embedding resistant against first-order statistical
tests. Features of steghide include compression and encryption of embedded
data,

embedding of a checksum to verify the integrity of the extracted data and
support for jpeg, bmp, wav and au files.
Comment 1 Parag AN(पराग) 2006-07-13 15:01:29 EDT
== Not an official review as I'm not yet sponsored ==
   Mock build for development i386 is sucessfull with warnings 
CvrStgObject.h:40: warning: 'class CvrStgObject' has virtual functions but
non-virtual destructor
MCryptPPTest.cc: In member function 'bool MCryptPPTest::genericTestDecryption()':
MCryptPPTest.cc:47: warning: control reaches end of non-void function
MCryptPPTest.cc: In member function 'bool MCryptPPTest::genericTestEncryption()':
MCryptPPTest.cc:43: warning: control reaches end of non-void function


* MUST Items:
      - rpmlint shows no error. 
      - dist tag is present.
      - The package is named according to the Package Naming Guidelines.
      - The spec file name matching the base package steghide, in the
format steghide.spec.
      - This package meets the Packaging Guidelines.
      - The spec file for the package MUST be legible.
      - The package is licensed with an open-source compatible license GPL.
      - This package includes License file COPYING.
      - This source package includes the text of the license in its own file,and
that file, containing the text of the license for the package is included in %doc.
      - The sources used to build the package matches the upstream source,
as provided in the spec URL. md5sum is correct (5be490e24807d921045780fd8cc446b3)
      - This package successfully compiled and built into binary rpms for i386
architecture.
      - This package did not containd any ExcludeArch.
      - This package handled locales properly. This is done by using the
%find_lang macro. Not used %{_datadir}/locale/*.
      - This package owns all directories that it creates. 
      - This package did not contain any duplicate files in the %files
listing.
      - This package  have a %clean section, which contains rm -rf
$RPM_BUILD_ROOT.
      - This package used macros.
      - Document files are included like README.
      - Package did NOT contained any .la libtool archives.

Also,
      * Source URL is present and working.
      * BuildRoot is correct BuildRoot:       
%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
      * BuildRequires is correct
      * Package is working fine on i386.
Comment 2 Paul Howarth 2006-07-13 15:48:48 EDT
Bug appears to have been closed by mistake
Comment 3 Chris Weyl 2006-07-21 00:04:54 EDT
Parag:

Good first pass at a review.  Note that compiler warnings like that are
generally disregarded for the purposes of review, unless it's something
_serious_ or correctable on our end.  But, that being said, when in doubt, note it.

The MUSTs are good places to start for reviews, as you've discovered...  I
encourage you to look at the other templates people are using (or patently
stealing, like me <grin>).  Keep it up, you're improving each time around.

Jochen:

I'd recommend addressing the rpmlint warning below as it's a lot of visual
spam otherwise, but it's not a blocker.

+ package meets naming and packaging guidelines.
+ specfile is properly named, is cleanly written and uses macros consistently.
+ dist tag is present.
+ build root is correct.
+ license field matches the actual license.
+ license is open source-compatible.  License text included in package.
+ source files match upstream:
 5be490e24807d921045780fd8cc446b3  steghide-0.5.1.tar.gz
 5be490e24807d921045780fd8cc446b3  steghide-0.5.1.tar.gz.srpm
+ latest version is being packaged.
+ BuildRequires are proper.
+ package builds in mock (5+devel/x86_64).
+ rpmlint is silent on binary package
O rpmlint issues warming on source package (ignorable)
W: steghide setup-not-quiet
+ final provides and requires are sane:
 steghide-0.5.1-1.fc5.x86_64.rpm
 == provides
 steghide = 0.5.1-1.fc5
 == requires
 libc.so.6()(64bit)
 libgcc_s.so.1()(64bit)
 libgcc_s.so.1(GCC_3.0)(64bit)
 libjpeg.so.62()(64bit)
 libm.so.6()(64bit)
 libm.so.6(GLIBC_2.2.5)(64bit)
 libmcrypt.so.4()(64bit)
 libmhash.so.2()(64bit)
 libstdc++.so.6()(64bit)
 libstdc++.so.6(CXXABI_1.3)(64bit)
 libstdc++.so.6(CXXABI_1.3.1)(64bit)
 libstdc++.so.6(GLIBCXX_3.4)(64bit)
 libz.so.1()(64bit)
+ no shared libraries are present.
+ package is not relocatable.
+ owns the directories it creates.
+ doesn't own any directories it shouldn't.
+ no duplicates in %files.
+ file permissions are appropriate.
+ %clean is present.
+ %check is present and all tests pass:
+ no scriptlets present.
+ code, not content.
+ documentation is small, so no -docs subpackage is necessary.
+ %docs are not necessary for the proper functioning of the package.
+ no headers.
+ no pkgconfig files.
+ no libtool .la droppings.
+ not a GUI app.
+ not a web app.

APPROVED

Note You need to log in before you can comment on or make changes to this bug.