Good:
+ Rpmlint is quite on source rpm.
+ Local build works fine.
+ License seems ok
+ Naming semms ok

Bad:
+ Rpmlint complaints binary RPM.
rpmlint mod_auth_shadow-2.1-1.x86_64.rpm
E: mod_auth_shadow setuid-binary /usr/sbin/validate root 04755
E: mod_auth_shadow non-standard-executable-perm /usr/sbin/validate 04755
- Debuginfo RPM contains no sources
- Use a better source URL to sf.net (??)

Thanks for the review. I believe everything's OK now. New versions with URLs 
as before.

Debuginfo RPM: Fixed (I shouldn't have stripped the binaries on installation).

rpmlint complains about the setuid root binary : this can be disregarded - 
it's meant to be a setuid binary, that's the design; you can't 
read /etc/shadow without it! (The non-standard permission is a permutation on 
this error: it's the setuid bit which is nonstandard).

Sourceforge URL... I can't see any problem with this. 
(http://downloads.sourceforge.net/mod-auth-shadow/%{name}-%{version}.tar.gz)

Good:
+ Tar ball matches with upstream.
+ License ok.

Bad:
- Package contains no verbatin text of the license
  (Please contact upstream to include it in the next release)
- Debuginfo package contains no sources.

Please increase release number when upload a new release of your package.

New versions, which I believe satisfy both mentioned requirements:

Spec URL: http://david.dw-perspective.org.uk/tmp/mod_auth_shadow.spec
SRPM URL: http://david.dw-perspective.org.uk/tmp/mod_auth_shadow-2.1-2.src.rpm

I've included a copy of the GPL to satisfy the GPL's own requirements, and 
I've contacted upstream to ask them to include it themselves in future 
releases.

The debuginfo was a mistake - somehow I'd not updated the uploaded src.rpm 
which had fixed this. I've bumped the version to make sure that doesn't happen 
this time.

David, you should not include the license by yourself. Please see
http://fedoraproject.org/wiki/Packaging/ReviewGuidelines, under MUST:

- MUST: If (and only if) the source package includes the text of the license(s)
in its own file, then that file, containing the text of the license(s) for the
package must be included in %doc.

Spec URL: http://david.dw-perspective.org.uk/tmp/mod_auth_shadow.spec
SRPM URL: http://david.dw-perspective.org.uk/tmp/mod_auth_shadow-2.1-3.src.rpm

Thanks wolfshant. New versions.

I disagree with those guidelines, as the GPL itself requires that the GPL be 
included in the distribution. It seems to me that Fedora can't redistribute 
without fulfilling those terms. Upstream isn't bound by those terms as it's 
the copyright holder, but we are, so we ought to include a copy of the GPL.

So I think Tom Callaway has got that wrong. But, I don't make the rules, so 
the new SRPM I've uploaded does it the suggested way... I assume that Fedora 
legal knows what it's doing.

God:
+ Naming semms ok
+ License ok.
+ Local build works ok.
+ Binary package ok.
+ Debuginfo package ok.
+ Mock build works fine.
+ Local install and uninstall works fine.
+ Start of httpd with installed package works fine.

Bad:
- Package conains no verbatin copy of the license
  (Please contact upstream for including it in the next release)

New Package CVS Request
=======================
Package Name: mod_auth_shadow
Short Description: An Apache module for authentication using /etc/shadow
Owners: fedora-packaging@dw-perspective.org.uk
Branches: FC-5 FC-6 EL-4 EL-5
InitialCC: 

Upstream has released a new release which includes the license file:

Spec URL: http://david.dw-perspective.org.uk/tmp/mod_auth_shadow.spec
SRPM URL: http://david.dw-perspective.org.uk/tmp/mod_auth_shadow-2.2-1.src.rpm

OK, in CVS and built for devel now. Thanks to everyone who helped.