Bug 198691 - Review Request: steghide - A Steganography Program
Summary: Review Request: steghide - A Steganography Program
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
(Show other bugs)
Version: rawhide
Hardware: All Linux
Target Milestone: ---
Assignee: Chris Weyl
QA Contact: Fedora Package Reviews List
Keywords: Reopened
Depends On:
TreeView+ depends on / blocked
Reported: 2006-07-12 20:15 UTC by Jochen Schmitt
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-07-24 15:13:10 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Jochen Schmitt 2006-07-12 20:15:31 UTC
Spec: http://www.herr-schmitt.de/pub/steghide/steghide.spec
SRPM: http://www.herr-schmitt.de/pub/steghide/steghide-0.5.1-1.src.rpm

Steghide is a steganography program that is able to hide data in various kinds
of image- and audio-files. The color- respectivly sample-frequencies are not
changed thus making the embedding resistant against first-order statistical
tests. Features of steghide include compression and encryption of embedded

embedding of a checksum to verify the integrity of the extracted data and
support for jpeg, bmp, wav and au files.

Comment 1 Parag AN(पराग) 2006-07-13 19:01:29 UTC
== Not an official review as I'm not yet sponsored ==
   Mock build for development i386 is sucessfull with warnings 
CvrStgObject.h:40: warning: 'class CvrStgObject' has virtual functions but
non-virtual destructor
MCryptPPTest.cc: In member function 'bool MCryptPPTest::genericTestDecryption()':
MCryptPPTest.cc:47: warning: control reaches end of non-void function
MCryptPPTest.cc: In member function 'bool MCryptPPTest::genericTestEncryption()':
MCryptPPTest.cc:43: warning: control reaches end of non-void function

* MUST Items:
      - rpmlint shows no error. 
      - dist tag is present.
      - The package is named according to the Package Naming Guidelines.
      - The spec file name matching the base package steghide, in the
format steghide.spec.
      - This package meets the Packaging Guidelines.
      - The spec file for the package MUST be legible.
      - The package is licensed with an open-source compatible license GPL.
      - This package includes License file COPYING.
      - This source package includes the text of the license in its own file,and
that file, containing the text of the license for the package is included in %doc.
      - The sources used to build the package matches the upstream source,
as provided in the spec URL. md5sum is correct (5be490e24807d921045780fd8cc446b3)
      - This package successfully compiled and built into binary rpms for i386
      - This package did not containd any ExcludeArch.
      - This package handled locales properly. This is done by using the
%find_lang macro. Not used %{_datadir}/locale/*.
      - This package owns all directories that it creates. 
      - This package did not contain any duplicate files in the %files
      - This package  have a %clean section, which contains rm -rf
      - This package used macros.
      - Document files are included like README.
      - Package did NOT contained any .la libtool archives.

      * Source URL is present and working.
      * BuildRoot is correct BuildRoot:       
%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
      * BuildRequires is correct
      * Package is working fine on i386.

Comment 2 Paul Howarth 2006-07-13 19:48:48 UTC
Bug appears to have been closed by mistake

Comment 3 Chris Weyl 2006-07-21 04:04:54 UTC

Good first pass at a review.  Note that compiler warnings like that are
generally disregarded for the purposes of review, unless it's something
_serious_ or correctable on our end.  But, that being said, when in doubt, note it.

The MUSTs are good places to start for reviews, as you've discovered...  I
encourage you to look at the other templates people are using (or patently
stealing, like me <grin>).  Keep it up, you're improving each time around.


I'd recommend addressing the rpmlint warning below as it's a lot of visual
spam otherwise, but it's not a blocker.

+ package meets naming and packaging guidelines.
+ specfile is properly named, is cleanly written and uses macros consistently.
+ dist tag is present.
+ build root is correct.
+ license field matches the actual license.
+ license is open source-compatible.  License text included in package.
+ source files match upstream:
 5be490e24807d921045780fd8cc446b3  steghide-0.5.1.tar.gz
 5be490e24807d921045780fd8cc446b3  steghide-0.5.1.tar.gz.srpm
+ latest version is being packaged.
+ BuildRequires are proper.
+ package builds in mock (5+devel/x86_64).
+ rpmlint is silent on binary package
O rpmlint issues warming on source package (ignorable)
W: steghide setup-not-quiet
+ final provides and requires are sane:
 == provides
 steghide = 0.5.1-1.fc5
 == requires
+ no shared libraries are present.
+ package is not relocatable.
+ owns the directories it creates.
+ doesn't own any directories it shouldn't.
+ no duplicates in %files.
+ file permissions are appropriate.
+ %clean is present.
+ %check is present and all tests pass:
+ no scriptlets present.
+ code, not content.
+ documentation is small, so no -docs subpackage is necessary.
+ %docs are not necessary for the proper functioning of the package.
+ no headers.
+ no pkgconfig files.
+ no libtool .la droppings.
+ not a GUI app.
+ not a web app.


Note You need to log in before you can comment on or make changes to this bug.