2441979 – Review Request: govulncheck - Database client and tools for the Go vulnerability database

Bug 2441979 - Review Request: govulncheck - Database client and tools for the Go vulnerability database

Summary: Review Request: govulncheck - Database client and tools for the Go vulnerabil...

Keywords:
Status:	RELEASE_PENDING
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	Package Review
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Mikel Olasagasti Uranga
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-02-23 19:07 UTC by Alejandro Sáez Morollón
Modified:	2026-03-02 10:45 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Type:	---
Embargoed:
Dependent Products:
Flags:	mikel: fedora-review+

Attachments	(Terms of Use)

Description Alejandro Sáez Morollón 2026-02-23 19:07:05 UTC

This is a rename request. The original name of the package is golang-x-vuln. Based on the current Go SIG guidelines, the name of the package should be govulncheck.

Spec URL: https://alexsaezm.fedorapeople.org/rpms/govulncheck/govulncheck.spec
SRPM URL: https://alexsaezm.fedorapeople.org/rpms/govulncheck/govulncheck-1.1.4-1.20260218gita9cf566.fc45.src.rpm
Description: Database client and tools for the Go vulnerability database, providing the govulncheck command for vulnerability scanning.
Fedora Account System Username: alexsaezm

Comment 1 Fedora Review Service 2026-02-23 23:57:28 UTC

Cannot find any valid SRPM URL for this ticket. Common causes are:

- You didn't specify `SRPM URL: ...` in the ticket description
  or any of your comments
- The URL schema isn't HTTP or HTTPS
- The SRPM package linked in your URL doesn't match the package name specified
  in the ticket summary


---
This comment was created by the fedora-review-service
https://github.com/FrostyX/fedora-review-service

If you want to trigger a new Copr build, add a comment containing new
Spec and SRPM URLs or [fedora-review-service-build] string.

Comment 2 Mikel Olasagasti Uranga 2026-02-27 09:31:24 UTC

Golang Package Review
==============

This package was generated using go2rpm and Go Vendor Tools, which simplifies
the review.

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated


- [x] The latest version is packaged or packaging an earlier version is justified.
- [x] The License tag reflects the package contents and uses the correct identifiers.
- [x] The package builds successfully in mock.
- [x] Package is installable (checked by fedora-review).
- [x] There are no relevant rpmlint errors.
- [x] The package runs tests in %check.
- [x] `%goipath` is set correctly.
- [x] The package's binaries don't conflict with binaries already in the distribution. (Some Go projects include utility binaries with very generic names)
- [x] There are no `%{_bindir}/*` wildcards in %files. (go2rpm includes these by default)
- [x] The package does not use `%gometa -f` if it has dependents that still build for %ix86.
- [x] The package complies with the Golang and general Packaging Guidelines.
- [x] GO_LDFLAGS are set correctly.

Package approved! On import, don't forget to do the following:

- [ ] Add the package to release-monitoring.org
- [ ] Give go-sig privileges (at least commit) on the package
- [ ] Close the review bug by referencing its ID in the rpm changelog and the Bodhi ticket.
- [ ] Consider configuring Packit service to help with maintenance

Comment 3 Alejandro Sáez Morollón 2026-03-02 10:42:40 UTC

I changed the title of the bug to make fedpkg request-repo work

Comment 4 Fedora Admin user for bugzilla script actions 2026-03-02 10:45:09 UTC

The Pagure repository was created at https://src.fedoraproject.org/rpms/govulncheck

Note You need to log in before you can comment on or make changes to this bug.