Bug 225746 - Merge Review: fedora-release
Merge Review: fedora-release
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Nigel Jones
Fedora Package Reviews List
: Reopened
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-01-31 13:35 EST by Nobody's working on this, feel free to take it
Modified: 2013-01-09 23:11 EST (History)
1 user (show)

See Also:
Fixed In Version: 7.89-3
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-03-30 20:36:55 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
dev: fedora‑review+
tibbs: fedora‑cvs+


Attachments (Terms of Use)

  None (edit)
Description Nobody's working on this, feel free to take it 2007-01-31 13:35:45 EST
Fedora Merge Review: fedora-release

http://cvs.fedora.redhat.com/viewcvs/devel/fedora-release/
Initial Owner: jkeating@redhat.com
Comment 1 Roozbeh Pournader 2007-02-03 18:12:42 EST
rpmlint's output:
RPM:
W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-test
W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY
W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-legacy
W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-beta
W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora
W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-rawhide
W: fedora-release non-conffile-in-etc /etc/fedora-release
W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-extras
W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-rawhide

SRPM:
W: fedora-release unversioned-explicit-obsoletes redhat-release
W: fedora-release unversioned-explicit-provides redhat-release
Comment 2 Roozbeh Pournader 2007-02-03 23:02:22 EST
Partial review:

BLOCKERS:
* No upstream tarball to compare with included tarball (MUST item)
* Version of source (6) doesn't match package version (6.90)
* Description field is the same as summary field.
* Licensing is quite varied and contradictory:
  - The License field mentions GFDL, while no mention of such a license exists
    in the tarball contents.
  - The tarball contains a copy of GPL, while no file in the package is actually
    licensed under the GPL either.
  - The license for the program "eula.py" is not mentioned in its header, making
    it proprietary software.
  - The file "README-Accessibility" in the package says "Copyright © 2003 by
    Red Hat, Inc." (no mention of license, free or not)
  - The file "eula.txt" in the package says "Copyright (C) 2003, 2004, 2005,
    2006 Fedora Project.  All rights reserved." (definitely not free) and also
    mentions a few trademarks.
* The file "eula.txt" mentions weird things:
  - It says there is something called "Fedora Core". What is that? ;-)
  - It talks about "Fedora Core 6". But it's for "Fedora 7 test-something" or
    "Fedora Rawhide" or something.
  - It says that "The end user license agreement for each component is located
    in the component's source code." Rarely true. Instead, the source code
    usually contains a copyright license (like the GPL, which free software
    usually has), not an end user license agreement (which proprietary software
    usually has).
  - It says that except "certain image files containing the Fedora trademark",
    the license terms allow one to "[...] modify, and redistribute the
    component". Not always true, considering packages that are only
    "Distributable". Not always true because of Section 5 either.
  - It talks about a package named "anaconda-images", which does not exist in
    Fedora anymore.
  - In its Section 5, it requires things from users in Pakistan and basically
    asks them to "represent and warrant" that they will not help their
    neighbor[ing countries] and ask the US government for
    permission for giving a copy of the software (parts of which he may have
    written himself) to his friend, among other things.
  - I totally prefer licenses that say "You are not required to accept this
    License, since you have not signed it" (from GPL clause 5), instead of those 
    who say "By downloading, installing or using the Software, User agrees to
    the terms of this agreement." Who has written this anyway? ;-)
  - /me escapes

SUGGESTIONS:
* "fedora-release-6" or a part of it could become a macro. At the minimum could
be replace with "%{name}-6".
* Use %{_sysconfdir} instead of /etc
* Use %{_datadir} instead of /usr/share
* Use "cp -p" and "install -p" instead of "cp" and "install" everywhere
* Use "%defattr(-,root,root,-)" instead of "%defattr(-,root,root)"
Comment 3 Ville Skyttä 2007-02-04 07:41:19 EST
Is fedora-release-notes really required by this package?
http://martin.hates-software.com/2007/02/03/fb463e68.html
Comment 4 Jesse Keating 2007-02-13 16:39:56 EST
(In reply to comment #2)
> Partial review:
> 
> BLOCKERS:
> * No upstream tarball to compare with included tarball (MUST item)

Fedora is the upstream for this, our preferred method of distribution is srpm. 
For this reason there is no "upstream" tarball.  I do believe there are
guidelines being proposed to make this acceptable.

> * Version of source (6) doesn't match package version (6.90)

This has already been fixed.

> * Description field is the same as summary field.

How is this a blocker?

> * Licensing is quite varied and contradictory:
>   - The License field mentions GFDL, while no mention of such a license exists
>     in the tarball contents.

I changed this to GPL

>   - The tarball contains a copy of GPL, while no file in the package is actually
>     licensed under the GPL either.

The eula.py file is GPL now.

>   - The license for the program "eula.py" is not mentioned in its header, making
>     it proprietary software.

Fixed this.

>   - The file "README-Accessibility" in the package says "Copyright © 2003 by
>     Red Hat, Inc." (no mention of license, free or not)

This file isn't packaged anymore, removing it.

>   - The file "eula.txt" in the package says "Copyright (C) 2003, 2004, 2005,
>     2006 Fedora Project.  All rights reserved." (definitely not free) and also
>     mentions a few trademarks.
> * The file "eula.txt" mentions weird things:
>   - It says there is something called "Fedora Core". What is that? ;-)
>   - It talks about "Fedora Core 6". But it's for "Fedora 7 test-something" or
>     "Fedora Rawhide" or something.
>   - It says that "The end user license agreement for each component is located
>     in the component's source code." Rarely true. Instead, the source code
>     usually contains a copyright license (like the GPL, which free software
>     usually has), not an end user license agreement (which proprietary software
>     usually has).
>   - It says that except "certain image files containing the Fedora trademark",
>     the license terms allow one to "[...] modify, and redistribute the
>     component". Not always true, considering packages that are only
>     "Distributable". Not always true because of Section 5 either.
>   - It talks about a package named "anaconda-images", which does not exist in
>     Fedora anymore.
>   - In its Section 5, it requires things from users in Pakistan and basically
>     asks them to "represent and warrant" that they will not help their
>     neighbor[ing countries] and ask the US government for
>     permission for giving a copy of the software (parts of which he may have
>     written himself) to his friend, among other things.
>   - I totally prefer licenses that say "You are not required to accept this
>     License, since you have not signed it" (from GPL clause 5), instead of those 
>     who say "By downloading, installing or using the Software, User agrees to
>     the terms of this agreement." Who has written this anyway? ;-)
>   - /me escapes
>

I'm not touching the eula.txt.  This comes straight from our Legal team.  Best
bring it up to the Fedora Advisory Board and have it be an item to discuss with
Legal.

> SUGGESTIONS:
> * "fedora-release-6" or a part of it could become a macro. At the minimum could
> be replace with "%{name}-6".
> * Use %{_sysconfdir} instead of /etc
> * Use %{_datadir} instead of /usr/share

Too much of our stuff is hardcoded to depend on these things being in /etc, it
doesn't make sense to macroize it in the spec.

> * Use "cp -p" and "install -p" instead of "cp" and "install" everywhere

Fixed (use install -d instead of mkdir)

> * Use "%defattr(-,root,root,-)" instead of "%defattr(-,root,root)"

Fixed.

http://people.redhat.com/jkeating/fedora-release.spec 

Comment 5 Jesse Keating 2007-02-13 16:42:20 EST
(In reply to comment #3)
> Is fedora-release-notes really required by this package?
> http://martin.hates-software.com/2007/02/03/fb463e68.html

fedora-release-notes was split out of fedora-release during FC5 I think, maybe
6.  This allowed for the docs folks to work on the release notes easier. 
However we need to have the Requires so that folks upgrading don't lose the
relesae notes, and yes, we'd generally like the release notes to always be there
and not have to be specifically asked for.
Comment 6 Jesse Keating 2007-04-10 16:24:05 EDT
Any update on this, would like to close this out.
Comment 7 Jesse Keating 2007-06-25 10:24:24 EDT
Seeking a new reviewer.
Comment 8 Nigel Jones 2007-06-27 19:14:25 EDT
(In reply to comment #7)
> Seeking a new reviewer.

I'm shocked that this hasn't had a full review yet, I'll take a look when I get 
home.
Comment 9 Nigel Jones 2007-06-28 09:31:06 EDT
Package name:             OK (fedora-release)
License:                  FAIL (GFDL vs. GPL)
Spec Legible:             OK (en_US) (see note)
md5sum matches:           NA (fedora = upstream)
rpmlint clean:            WARN
Builds correctly:         OK (noarch)
Spec has %clean:          OK
Macro use consistant:     OK
Contains code/content:    OK
-doc subpackage:          NA
-devel subpackage:        NA
-static subpackage:       NA
pkgconfig depend:         NA
Contains %doc:            OK (GPL)
Library suffix:           NA
No .la files:             NA
Use desktop-file-install: NA
No duplicate ownerships:  OK
rm -rf %{buildroot}:      OK
RPM uses valid UTF-8:     OK
%defattr is set:          OK (see note)
No duplicate %files:      OK
Not relocatable:          OK
Calls ldconfig:           NA
Supports Locales:         NA
BR's are correct:         OK

%files
%defattr(-,root,root,-)
%attr(0644,root,root) /etc/fedora-release
/etc/redhat-release
%dir /etc/yum.repos.d
%config(noreplace) /etc/yum.repos.d/*
%doc GPL
%config(noreplace) %attr(0644,root,root) /etc/issue
%config(noreplace) %attr(0644,root,root) /etc/issue.net
%config(noreplace) %attr(0644,root,root) /etc/rpm/macros.dist
%dir /etc/pki/rpm-gpg
/etc/pki/rpm-gpg/*

Makes me want to scream!
1. Please oh please don't put a %doc in the middle of a list of /etc files
2. %attr's seem redundant, 0644 can be implyed with install or even cp
3. I *think* %dir /etc/pki/rpm-gpg is redundant
4. I believe %{_sysconfdir} is perfered over /etc/file

Spec file claims GFDL where the tarball provides GPL

rpmlint:
W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY
W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-beta
W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-test
W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-rawhide
W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora
W: fedora-release non-conffile-in-etc /etc/fedora-release
W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-rawhide
W: fedora-release unversioned-explicit-obsoletes redhat-release
W: fedora-release unversioned-explicit-provides redhat-release

(last two are okay)

I'll set to reviewed when changes hit cvs
Comment 10 Jesse Keating 2007-06-28 10:32:28 EDT
(In reply to comment #9)
> License:                  FAIL (GFDL vs. GPL)

Will fix.

> %files
> %defattr(-,root,root,-)
> %attr(0644,root,root) /etc/fedora-release
> /etc/redhat-release
> %dir /etc/yum.repos.d
> %config(noreplace) /etc/yum.repos.d/*
> %doc GPL
> %config(noreplace) %attr(0644,root,root) /etc/issue
> %config(noreplace) %attr(0644,root,root) /etc/issue.net
> %config(noreplace) %attr(0644,root,root) /etc/rpm/macros.dist
> %dir /etc/pki/rpm-gpg
> /etc/pki/rpm-gpg/*
> 
> Makes me want to scream!
> 1. Please oh please don't put a %doc in the middle of a list of /etc files

Heh, will move up.  Love inherited packages.

> 2. %attr's seem redundant, 0644 can be implyed with install or even cp

Yeah, probably best to do it at install time.

> 3. I *think* %dir /etc/pki/rpm-gpg is redundant

Maybe.  We want to own that dir and not just the files within it.  Will experiment.

> 4. I believe %{_sysconfdir} is perfered over /etc/file

Preferred but not necessary.  Will consider.

> Spec file claims GFDL where the tarball provides GPL

Yeah, need to fix that.

> rpmlint:
> W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY
> W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-beta
> W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-test
> W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-rawhide
> W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora

That's correct, these aren't config files, they're data... that happens to live
in a config directory.

> W: fedora-release non-conffile-in-etc /etc/fedora-release

We want to overwrite this file on upgrades.  Suppose it could be config but
without noreplace.

> W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-rawhide

See above about other gpg keys.

> W: fedora-release unversioned-explicit-obsoletes redhat-release
> W: fedora-release unversioned-explicit-provides redhat-release
> 
> (last two are okay)
> 
> I'll set to reviewed when changes hit cvs

Working....
Comment 11 Jesse Keating 2007-06-28 11:09:18 EDT
I changed the license, marked /etc/fedora-release as a config file (but not
noreplace), removed noreplace from the macros.dist file.

I left the defatters alone as we don't install or copy those files during
%install, we echo directly into those files, so we need to set the perms. 
Changes committed to CVS, will wait for approval to do another build.
Comment 12 Nigel Jones 2007-06-28 18:59:11 EDT
(In reply to comment #9)
> Package name:             OK (fedora-release)
> License:                  FAIL (GFDL vs. GPL)
OX
> Spec Legible:             OK (en_US) (see note)
> md5sum matches:           NA (fedora = upstream)
> rpmlint clean:            WARN
Acceptable
> Builds correctly:         OK (noarch)
> Spec has %clean:          OK
> Macro use consistant:     OK
> Contains code/content:    OK
> -doc subpackage:          NA
> -devel subpackage:        NA
> -static subpackage:       NA
> pkgconfig depend:         NA
> Contains %doc:            OK (GPL)
> Library suffix:           NA
> No .la files:             NA
> Use desktop-file-install: NA
> No duplicate ownerships:  OK
> rm -rf %{buildroot}:      OK
> RPM uses valid UTF-8:     OK
> %defattr is set:          OK (see note)
Acceptable
> No duplicate %files:      OK
> Not relocatable:          OK
> Calls ldconfig:           NA
> Supports Locales:         NA
> BR's are correct:         OK

> %files
> %defattr(-,root,root,-)
> %attr(0644,root,root) /etc/fedora-release
> /etc/redhat-release
> %dir /etc/yum.repos.d
> %config(noreplace) /etc/yum.repos.d/*
> %doc GPL
> %config(noreplace) %attr(0644,root,root) /etc/issue
> %config(noreplace) %attr(0644,root,root) /etc/issue.net
> %config(noreplace) %attr(0644,root,root) /etc/rpm/macros.dist
> %dir /etc/pki/rpm-gpg
> /etc/pki/rpm-gpg/*
This looks much better
> Makes me want to scream!
> 1. Please oh please don't put a %doc in the middle of a list of /etc files
> 2. %attr's seem redundant, 0644 can be implyed with install or even cp
> 3. I *think* %dir /etc/pki/rpm-gpg is redundant
> 4. I believe %{_sysconfdir} is perfered over /etc/file
All fixed or with reasoning, I will once again note that we pull up people for 
using /etc instead of %{_sysconfdir}

(In reply to comment #10)
> (In reply to comment #9)
> > rpmlint:
> > W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY
> > W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-beta
> > W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-
test
> > W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-
rawhide
> > W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora
> That's correct, these aren't config files, they're data... that happens to 
live
> in a config directory.
> > W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-rawhide
> See above about other gpg keys.

I wonder, would these be better in /usr/share/fedora or similar? 
(/usr/share/fedora/gpg/RPM-GPG-KEY-whatever).

A symlink could be created to keep 3rd party repos happy.

Otherwise, all fine, go ahead and build like crazy :P
Comment 13 Jesse Keating 2008-10-01 18:12:50 EDT
Package Change Request
======================
Package Name: fedora-release
New Branches: F-10
Comment 14 Huzaifa S. Sidhpurwala 2008-10-03 02:06:07 EDT
cvs done
Comment 15 Jesse Keating 2009-03-30 17:00:15 EDT
Package Change Request
======================
Package Name: fedora-release
New Branches: F-11
Comment 16 Kevin Fenzi 2009-03-30 17:21:41 EDT
cvs done.
Comment 17 Jesse Keating 2009-08-28 15:59:09 EDT
Package Change Request
======================
Package Name: fedora-release
New Branches: F-12
Comment 18 Jason Tibbitts 2009-08-28 16:03:45 EDT
CVS done.

Note You need to log in before you can comment on or make changes to this bug.