Fedora Merge Review: fedora-release http://cvs.fedora.redhat.com/viewcvs/devel/fedora-release/ Initial Owner: jkeating
rpmlint's output: RPM: W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-test W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-legacy W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-beta W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-rawhide W: fedora-release non-conffile-in-etc /etc/fedora-release W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-extras W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-rawhide SRPM: W: fedora-release unversioned-explicit-obsoletes redhat-release W: fedora-release unversioned-explicit-provides redhat-release
Partial review: BLOCKERS: * No upstream tarball to compare with included tarball (MUST item) * Version of source (6) doesn't match package version (6.90) * Description field is the same as summary field. * Licensing is quite varied and contradictory: - The License field mentions GFDL, while no mention of such a license exists in the tarball contents. - The tarball contains a copy of GPL, while no file in the package is actually licensed under the GPL either. - The license for the program "eula.py" is not mentioned in its header, making it proprietary software. - The file "README-Accessibility" in the package says "Copyright © 2003 by Red Hat, Inc." (no mention of license, free or not) - The file "eula.txt" in the package says "Copyright (C) 2003, 2004, 2005, 2006 Fedora Project. All rights reserved." (definitely not free) and also mentions a few trademarks. * The file "eula.txt" mentions weird things: - It says there is something called "Fedora Core". What is that? ;-) - It talks about "Fedora Core 6". But it's for "Fedora 7 test-something" or "Fedora Rawhide" or something. - It says that "The end user license agreement for each component is located in the component's source code." Rarely true. Instead, the source code usually contains a copyright license (like the GPL, which free software usually has), not an end user license agreement (which proprietary software usually has). - It says that except "certain image files containing the Fedora trademark", the license terms allow one to "[...] modify, and redistribute the component". Not always true, considering packages that are only "Distributable". Not always true because of Section 5 either. - It talks about a package named "anaconda-images", which does not exist in Fedora anymore. - In its Section 5, it requires things from users in Pakistan and basically asks them to "represent and warrant" that they will not help their neighbor[ing countries] and ask the US government for permission for giving a copy of the software (parts of which he may have written himself) to his friend, among other things. - I totally prefer licenses that say "You are not required to accept this License, since you have not signed it" (from GPL clause 5), instead of those who say "By downloading, installing or using the Software, User agrees to the terms of this agreement." Who has written this anyway? ;-) - /me escapes SUGGESTIONS: * "fedora-release-6" or a part of it could become a macro. At the minimum could be replace with "%{name}-6". * Use %{_sysconfdir} instead of /etc * Use %{_datadir} instead of /usr/share * Use "cp -p" and "install -p" instead of "cp" and "install" everywhere * Use "%defattr(-,root,root,-)" instead of "%defattr(-,root,root)"
Is fedora-release-notes really required by this package? http://martin.hates-software.com/2007/02/03/fb463e68.html
(In reply to comment #2) > Partial review: > > BLOCKERS: > * No upstream tarball to compare with included tarball (MUST item) Fedora is the upstream for this, our preferred method of distribution is srpm. For this reason there is no "upstream" tarball. I do believe there are guidelines being proposed to make this acceptable. > * Version of source (6) doesn't match package version (6.90) This has already been fixed. > * Description field is the same as summary field. How is this a blocker? > * Licensing is quite varied and contradictory: > - The License field mentions GFDL, while no mention of such a license exists > in the tarball contents. I changed this to GPL > - The tarball contains a copy of GPL, while no file in the package is actually > licensed under the GPL either. The eula.py file is GPL now. > - The license for the program "eula.py" is not mentioned in its header, making > it proprietary software. Fixed this. > - The file "README-Accessibility" in the package says "Copyright © 2003 by > Red Hat, Inc." (no mention of license, free or not) This file isn't packaged anymore, removing it. > - The file "eula.txt" in the package says "Copyright (C) 2003, 2004, 2005, > 2006 Fedora Project. All rights reserved." (definitely not free) and also > mentions a few trademarks. > * The file "eula.txt" mentions weird things: > - It says there is something called "Fedora Core". What is that? ;-) > - It talks about "Fedora Core 6". But it's for "Fedora 7 test-something" or > "Fedora Rawhide" or something. > - It says that "The end user license agreement for each component is located > in the component's source code." Rarely true. Instead, the source code > usually contains a copyright license (like the GPL, which free software > usually has), not an end user license agreement (which proprietary software > usually has). > - It says that except "certain image files containing the Fedora trademark", > the license terms allow one to "[...] modify, and redistribute the > component". Not always true, considering packages that are only > "Distributable". Not always true because of Section 5 either. > - It talks about a package named "anaconda-images", which does not exist in > Fedora anymore. > - In its Section 5, it requires things from users in Pakistan and basically > asks them to "represent and warrant" that they will not help their > neighbor[ing countries] and ask the US government for > permission for giving a copy of the software (parts of which he may have > written himself) to his friend, among other things. > - I totally prefer licenses that say "You are not required to accept this > License, since you have not signed it" (from GPL clause 5), instead of those > who say "By downloading, installing or using the Software, User agrees to > the terms of this agreement." Who has written this anyway? ;-) > - /me escapes > I'm not touching the eula.txt. This comes straight from our Legal team. Best bring it up to the Fedora Advisory Board and have it be an item to discuss with Legal. > SUGGESTIONS: > * "fedora-release-6" or a part of it could become a macro. At the minimum could > be replace with "%{name}-6". > * Use %{_sysconfdir} instead of /etc > * Use %{_datadir} instead of /usr/share Too much of our stuff is hardcoded to depend on these things being in /etc, it doesn't make sense to macroize it in the spec. > * Use "cp -p" and "install -p" instead of "cp" and "install" everywhere Fixed (use install -d instead of mkdir) > * Use "%defattr(-,root,root,-)" instead of "%defattr(-,root,root)" Fixed. http://people.redhat.com/jkeating/fedora-release.spec
(In reply to comment #3) > Is fedora-release-notes really required by this package? > http://martin.hates-software.com/2007/02/03/fb463e68.html fedora-release-notes was split out of fedora-release during FC5 I think, maybe 6. This allowed for the docs folks to work on the release notes easier. However we need to have the Requires so that folks upgrading don't lose the relesae notes, and yes, we'd generally like the release notes to always be there and not have to be specifically asked for.
Any update on this, would like to close this out.
Seeking a new reviewer.
(In reply to comment #7) > Seeking a new reviewer. I'm shocked that this hasn't had a full review yet, I'll take a look when I get home.
Package name: OK (fedora-release) License: FAIL (GFDL vs. GPL) Spec Legible: OK (en_US) (see note) md5sum matches: NA (fedora = upstream) rpmlint clean: WARN Builds correctly: OK (noarch) Spec has %clean: OK Macro use consistant: OK Contains code/content: OK -doc subpackage: NA -devel subpackage: NA -static subpackage: NA pkgconfig depend: NA Contains %doc: OK (GPL) Library suffix: NA No .la files: NA Use desktop-file-install: NA No duplicate ownerships: OK rm -rf %{buildroot}: OK RPM uses valid UTF-8: OK %defattr is set: OK (see note) No duplicate %files: OK Not relocatable: OK Calls ldconfig: NA Supports Locales: NA BR's are correct: OK %files %defattr(-,root,root,-) %attr(0644,root,root) /etc/fedora-release /etc/redhat-release %dir /etc/yum.repos.d %config(noreplace) /etc/yum.repos.d/* %doc GPL %config(noreplace) %attr(0644,root,root) /etc/issue %config(noreplace) %attr(0644,root,root) /etc/issue.net %config(noreplace) %attr(0644,root,root) /etc/rpm/macros.dist %dir /etc/pki/rpm-gpg /etc/pki/rpm-gpg/* Makes me want to scream! 1. Please oh please don't put a %doc in the middle of a list of /etc files 2. %attr's seem redundant, 0644 can be implyed with install or even cp 3. I *think* %dir /etc/pki/rpm-gpg is redundant 4. I believe %{_sysconfdir} is perfered over /etc/file Spec file claims GFDL where the tarball provides GPL rpmlint: W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-beta W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-test W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-rawhide W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora W: fedora-release non-conffile-in-etc /etc/fedora-release W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-rawhide W: fedora-release unversioned-explicit-obsoletes redhat-release W: fedora-release unversioned-explicit-provides redhat-release (last two are okay) I'll set to reviewed when changes hit cvs
(In reply to comment #9) > License: FAIL (GFDL vs. GPL) Will fix. > %files > %defattr(-,root,root,-) > %attr(0644,root,root) /etc/fedora-release > /etc/redhat-release > %dir /etc/yum.repos.d > %config(noreplace) /etc/yum.repos.d/* > %doc GPL > %config(noreplace) %attr(0644,root,root) /etc/issue > %config(noreplace) %attr(0644,root,root) /etc/issue.net > %config(noreplace) %attr(0644,root,root) /etc/rpm/macros.dist > %dir /etc/pki/rpm-gpg > /etc/pki/rpm-gpg/* > > Makes me want to scream! > 1. Please oh please don't put a %doc in the middle of a list of /etc files Heh, will move up. Love inherited packages. > 2. %attr's seem redundant, 0644 can be implyed with install or even cp Yeah, probably best to do it at install time. > 3. I *think* %dir /etc/pki/rpm-gpg is redundant Maybe. We want to own that dir and not just the files within it. Will experiment. > 4. I believe %{_sysconfdir} is perfered over /etc/file Preferred but not necessary. Will consider. > Spec file claims GFDL where the tarball provides GPL Yeah, need to fix that. > rpmlint: > W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY > W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-beta > W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-test > W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-rawhide > W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora That's correct, these aren't config files, they're data... that happens to live in a config directory. > W: fedora-release non-conffile-in-etc /etc/fedora-release We want to overwrite this file on upgrades. Suppose it could be config but without noreplace. > W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-rawhide See above about other gpg keys. > W: fedora-release unversioned-explicit-obsoletes redhat-release > W: fedora-release unversioned-explicit-provides redhat-release > > (last two are okay) > > I'll set to reviewed when changes hit cvs Working....
I changed the license, marked /etc/fedora-release as a config file (but not noreplace), removed noreplace from the macros.dist file. I left the defatters alone as we don't install or copy those files during %install, we echo directly into those files, so we need to set the perms. Changes committed to CVS, will wait for approval to do another build.
(In reply to comment #9) > Package name: OK (fedora-release) > License: FAIL (GFDL vs. GPL) OX > Spec Legible: OK (en_US) (see note) > md5sum matches: NA (fedora = upstream) > rpmlint clean: WARN Acceptable > Builds correctly: OK (noarch) > Spec has %clean: OK > Macro use consistant: OK > Contains code/content: OK > -doc subpackage: NA > -devel subpackage: NA > -static subpackage: NA > pkgconfig depend: NA > Contains %doc: OK (GPL) > Library suffix: NA > No .la files: NA > Use desktop-file-install: NA > No duplicate ownerships: OK > rm -rf %{buildroot}: OK > RPM uses valid UTF-8: OK > %defattr is set: OK (see note) Acceptable > No duplicate %files: OK > Not relocatable: OK > Calls ldconfig: NA > Supports Locales: NA > BR's are correct: OK > %files > %defattr(-,root,root,-) > %attr(0644,root,root) /etc/fedora-release > /etc/redhat-release > %dir /etc/yum.repos.d > %config(noreplace) /etc/yum.repos.d/* > %doc GPL > %config(noreplace) %attr(0644,root,root) /etc/issue > %config(noreplace) %attr(0644,root,root) /etc/issue.net > %config(noreplace) %attr(0644,root,root) /etc/rpm/macros.dist > %dir /etc/pki/rpm-gpg > /etc/pki/rpm-gpg/* This looks much better > Makes me want to scream! > 1. Please oh please don't put a %doc in the middle of a list of /etc files > 2. %attr's seem redundant, 0644 can be implyed with install or even cp > 3. I *think* %dir /etc/pki/rpm-gpg is redundant > 4. I believe %{_sysconfdir} is perfered over /etc/file All fixed or with reasoning, I will once again note that we pull up people for using /etc instead of %{_sysconfdir} (In reply to comment #10) > (In reply to comment #9) > > rpmlint: > > W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY > > W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-beta > > W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora- test > > W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora- rawhide > > W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora > That's correct, these aren't config files, they're data... that happens to live > in a config directory. > > W: fedora-release non-conffile-in-etc /etc/pki/rpm-gpg/RPM-GPG-KEY-rawhide > See above about other gpg keys. I wonder, would these be better in /usr/share/fedora or similar? (/usr/share/fedora/gpg/RPM-GPG-KEY-whatever). A symlink could be created to keep 3rd party repos happy. Otherwise, all fine, go ahead and build like crazy :P
Package Change Request ====================== Package Name: fedora-release New Branches: F-10
cvs done
Package Change Request ====================== Package Name: fedora-release New Branches: F-11
cvs done.
Package Change Request ====================== Package Name: fedora-release New Branches: F-12
CVS done.