Bug 2237756 - Review Request: rust-faster-hex - Fast hex encoding
Summary: Review Request: rust-faster-hex - Fast hex encoding
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Fabio Valentini
QA Contact: Fedora Extras Quality Assurance
URL: https://crates.io/crates/faster-hex
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-09-06 18:02 UTC by blinxen
Modified: 2023-09-12 20:25 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-09-12 20:25:36 UTC
Type: ---
Embargoed:
decathorpe: fedora-review+


Attachments (Terms of Use)

Description blinxen 2023-09-06 18:02:37 UTC
Spec URL: https://blinxen.fedorapeople.org/rust-faster-hex/rust-faster-hex.spec
SRPM URL: https://blinxen.fedorapeople.org/rust-faster-hex/rust-faster-hex-0.8.1-1.fc40.src.rpm

Description:
Fast hex encoding.

Fedora Account System Username: blinxen

Comment 1 blinxen 2023-09-06 18:02:39 UTC
This package built on koji:  https://koji.fedoraproject.org/koji/taskinfo?taskID=105831761

Comment 2 Fedora Review Service 2023-09-06 18:09:46 UTC
Copr build:
https://copr.fedorainfracloud.org/coprs/build/6379268
(succeeded)

Review template:
https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2237756-rust-faster-hex/fedora-rawhide-x86_64/06379268-rust-faster-hex/fedora-review/review.txt

Please take a look if any issues were found.

---
This comment was created by the fedora-review-service
https://github.com/FrostyX/fedora-review-service

If you want to trigger a new Copr build, add a comment containing new
Spec and SRPM URLs or [fedora-review-service-build] string.

Comment 3 Fabio Valentini 2023-09-07 11:41:53 UTC
Hm, parts of this package need attention:

- hex *is* packaged, the dev-dependency in this crate is just outdated (v0.3 vs. v0.4 in Fedora).
  hex v0.3 is at this point over 5 years old, the upstream project should definitely update.
  I don't think there's been many breaking API changes between v0.3 and v0.4, you might be able to just bump the dependency.

- rustc-hex has been deprecated for years, and it also appears to be an entirely unused dependency.
  You should just be able to remove it.

- The project contains copies / modified copies of two other projects (rust standard library, fast-hex):
  fast-hex appears to be licensed MIT as well, so this should be OK
  rust standard library is MIT OR Apache-2.0, which is not reflected in crate metadata (and the Apache-2.0 license text is not included)

  I'm not sure if the crate saying "I'm taking rust standard library code and choose to just apply the MIT" is OK.
  Either way, you would at least need to mark the files in the LICENSE-THIRD-PARTY folder as %license.

Comment 4 blinxen 2023-09-12 17:11:10 UTC
> hex *is* packaged, the dev-dependency in this crate is just outdated (v0.3 vs. v0.4 in Fedora).
> hex v0.3 is at this point over 5 years old, the upstream project should definitely update.
> I don't think there's been many breaking API changes between v0.3 and v0.4, you might be able to just bump the dependency.

Patching `Cargo.toml` to v0.4 seemed to work and all tests pass. Thanks for the hint :D
Will also create a PR upstream soon.

> rustc-hex has been deprecated for years, and it also appears to be an entirely unused dependency
> You should just be able to remove it.

I removed it alongside `criterion`

> The project contains copies / modified copies of two other projects (rust standard library, fast-hex):
> fast-hex appears to be licensed MIT as well, so this should be OK
> rust standard library is MIT OR Apache-2.0, which is not reflected in crate metadata (and the Apache-2.0 license text is not included)

> I'm not sure if the crate saying "I'm taking rust standard library code and choose to just apply the MIT" is OK.
> Either way, you would at least need to mark the files in the LICENSE-THIRD-PARTY folder as %license.

I have added both license files with the `%license` directive.
However I don't think upstream has to use or specify Apache-2.0 in the crate metadata
because the source code is released under Apache-2.0 or MIT. So picking just one should be fine. No?

Links to the uploaded files:
Spec URL: https://blinxen.fedorapeople.org/rust-faster-hex/rust-faster-hex.spec
SRPM URL: https://blinxen.fedorapeople.org/rust-faster-hex/rust-faster-hex-0.8.1-1.fc40.src.rpm

Comment 5 Fabio Valentini 2023-09-12 19:46:03 UTC
Yeah, I think this is fine now. Using everything as "MIT" is clearly what the upstream project intended. Thanks!

The patch to update the hex dev-dependency and to drop the rustc-hex dependency would be applicable to upstream, it would be great if they could be submitted via PR or something like that.

===


Package was generated with rust2rpm, simplifying the review.

- package builds and installs without errors on rawhide
- test suite is run and all unit tests pass
- latest version of the crate is packaged
- license matches upstream specification (MIT) and is acceptable for Fedora
- license files are included with %license in %files
- package complies with Rust Packaging Guidelines

Package APPROVED.

===

Recommended post-import rust-sig tasks:

- set up package on release-monitoring.org:
  project: $crate
  homepage: https://crates.io/crates/$crate
  backend: crates.io
  version scheme: semantic
  version filter: alpha;beta;rc;pre
  distro: Fedora
  Package: rust-$crate

- add @rust-sig with "commit" access as package co-maintainer
  (should happen automatically)

- set bugzilla assignee overrides to @rust-sig (optional)

- track package in koschei for all built branches
  (should happen automatically once rust-sig is co-maintainer)

Comment 6 Fedora Admin user for bugzilla script actions 2023-09-12 19:54:23 UTC
The Pagure repository was created at https://src.fedoraproject.org/rpms/rust-faster-hex

Comment 7 Fedora Update System 2023-09-12 20:23:04 UTC
FEDORA-2023-d6f222e40c has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2023-d6f222e40c

Comment 8 Fedora Update System 2023-09-12 20:25:36 UTC
FEDORA-2023-d6f222e40c has been pushed to the Fedora 40 stable repository.
If problem still persists, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.