Bug 2227502 - Review Request: cmark-gfm - GitHub's fork of cmark
Summary: Review Request: cmark-gfm - GitHub's fork of cmark
Keywords:
Status: ASSIGNED
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: Unspecified
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Tom Rix
QA Contact: Fedora Extras Quality Assurance
URL: https://www.github.com/github/cmark-gfm
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-07-30 11:27 UTC by Benson Muite
Modified: 2024-03-01 17:29 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: ---
Embargoed:
xavier: fedora-review?


Attachments (Terms of Use)

Description Benson Muite 2023-07-30 11:27:56 UTC
spec: https://download.copr.fedorainfracloud.org/results/fed500/mindforger/fedora-rawhide-x86_64/06223286-cmark-gfm/cmark-gfm.spec
srpm: https://download.copr.fedorainfracloud.org/results/fed500/mindforger/fedora-rawhide-x86_64/06223286-cmark-gfm/cmark-gfm-0.29.0.gfm.13-1.fc39.src.rpm

Description:
An extended version of the C reference implementation of CommonMark,
a rationalized version of Markdown syntax with a spec.


fas: fed500

Reproducible: Always

Comment 1 Fedora Review Service 2023-07-30 11:36:04 UTC
Copr build:
https://copr.fedorainfracloud.org/coprs/build/6223282
(succeeded)

Review template:
https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2227502-cmark-gfm/fedora-rawhide-x86_64/06223282-cmark-gfm/fedora-review/review.txt

Please take a look if any issues were found.

---
This comment was created by the fedora-review-service
https://github.com/FrostyX/fedora-review-service

If you want to trigger a new Copr build, add a comment containing new
Spec and SRPM URLs or [fedora-review-service-build] string.

Comment 2 Tom Rix 2023-09-03 13:27:30 UTC
There are at least 2 other cmark's.. what's one more ?
It would be good if cmark-gfm.spec was consistent with cmark.spec, with additions to the description on why a user would want to use this version over the the other.  It's github's fork.  Why would someone want to use this ?  Looking for something simple like .. 'Needed to run this or that github workflow .. ' added to the description.

I looked at houdini.
Would it be worth its own package ?

Review the houdini source and the list of files that are claimed to have an MIT license.
It looks like cmark and cmark-gfm's use a derivative of houdini's buffer.*
The copyright boiler plate from houdini has been stripped from the cmark version.

/*                                                                                                                                 
 * Copyright (C) the libgit2 contributors. All rights reserved.                                                                    
 *                                                                                                                                 
 * This file is part of libgit2, distributed under the GNU GPL v2 with                                                             
 * a Linking Exception. For full terms see the included COPYING file.                                                              
 */ 

gpl v2 != mit
And stripping copyrights is not good.
This license and copyright problem should be resolved in the upstream.
If it can't, then add gpl v2 to the license list in the rpm, with a detail explanation on the provenance of the buffer files.
This also effects the other cmark's in fedora.

Comment 3 Benson Muite 2023-09-04 11:18:28 UTC
Thanks, included code seems to have been relicensed:
https://github.com/commonmark/cmark/issues/480

Comment 4 Tom Rix 2023-09-04 13:13:41 UTC
Is vmg the copyright holder for all these files ?
The stripping of copy right headers and relicensing should be done only by the holder.
ex/ utf8.h's copyright was stripped from utf8proc.h's and it says

'The above copyright notice and this permission notice shall be included with all copies
or substantial portions of the Software'

When the header is removed, a new user could copy utf8.* to some new project and then
the notice would not go with it.

Comment 5 Benson Muite 2023-09-06 09:15:36 UTC
For utf8.h and utf8.c the notice is in the Copying file:
https://github.com/github/cmark-gfm/blob/master/COPYING#L78

Maybe it is best to suggest retaining copyright notices at the top of each file derived from other sources?

Can package houdini separately, would need to update it to a shared library.

buffer.c and buffer.h were added in commit afeecf4f262b74270368ef8a70c582ea9d5a18e8 in libgit2 https://github.com/libgit2/libgit2 by vmg author of houdini so expect relicensing of these is ok.

Cannot find chunk.h in the libgit2 history

It was added to cmark-gfm by vmg:
https://github.com/github/cmark-gfm/commit/460d46c62b0675f2fab6f103bb9f0d185a73eebb

Comment 6 Tom Rix 2023-09-06 13:07:49 UTC
I have opened this issue
https://github.com/github/cmark-gfm/issues/348

Comment 7 Tom Rix 2023-09-10 13:09:10 UTC
No response yet..
Maybe reference the COPYING file directly in the spec file and provide some comments on the provenance of the the files in question.

The version in the changelog looks off, can this change to be what is really used ?

If you have some time and interest, could you review another pytorch related package ?https://bugzilla.redhat.com/show_bug.cgi?id=2238217

Comment 8 Tom Rix 2023-09-21 13:20:26 UTC
Still no response.
How about we go with what I recommended above and respin the spec with some comments ?

Comment 9 Benson Muite 2023-09-21 16:08:20 UTC
Raised an issue in the original repository:
https://github.com/commonmark/cmark/issues/480

Will make a pull request that adds the header information, then try to update cmark-gfm

Comment 10 Benson Muite 2023-09-23 07:25:47 UTC
https://github.com/commonmark/cmark/pull/483

Comment 11 Tom Rix 2023-12-15 01:53:25 UTC
Did you want to add this as a patch and go forward with the package ?

Comment 12 Benson Muite 2023-12-28 07:23:33 UTC
Will wait until January to see if get feedback on the pull request.


Note You need to log in before you can comment on or make changes to this bug.