Spec URL: http://jjames.fedorapeople.org/jlint/jlint.spec SRPM URL: http://jjames.fedorapeople.org/jlint/jlint-3.1-1.src.rpm Description: Jlint will check your Java code and find bugs, inconsistencies and synchronization problems by doing data flow analysis and building the lock graph. Jlint is extremely fast - even on large projects, it requires only one second to check all classes! It is easy to learn and requires no changes to the class files. Jlint has been used in an industrial environment and successfully uncovered faults with little effort! The original version of Jlint was written by Konstantin Knizhnik. It was extended by Cyrille Artho to perform more extensive synchronization checks.
Is this your first package submission to Fedora?
No, Jerry (in case you're the same Jerry James) already maintains some packages in Fedora. Dunno whether the different email address here from the earlier ones is a problem (earlier are assigned to Jerry.James at usu.edu in the no longer used owners.list) jlint is already in Fedora CVS, orphaned and dropped from the distro a few releases ago. I used to maintain it, and speaking from that experience, I would suggest using the package already in CVS as the base, or most importantly using Konstantin Knizhnik's original 1.x versions instead of the extended 3.x ones. When I last compared them, 1.x gave much better results than 3.x which reported lots of false positives, which is why I kept the Fedora package at 1.x. I don't remember more details and I'm no longer using jlint, so I'm afraid there's no more info about this I can share.
I'm the same Jerry James. I changed jobs, and hence email addresses. I updated my Fedora Account with the new email address, and added an identity to my GPG key. Is there something else I need to do? Did I miss a wiki page somewhere on what to do when one's email address changes? The web page where I found jlint listed as an orphan said it had been removed from CVS. Is that information incorrect? I've never compared the 1.x version to the 3.x version. I'll do that before proceeding further with this request. Thanks.
I suppose the mail address is ok, I just didn't recognize it. jlint is in CVS, except for the FC-6 and F-7 branches. FC-5 contains the last revision I've worked on, and devel contains just the "dead.package" marker file.
The 1.x version has not been touched in 9 years. The 3.x version has not been touched in 9 months. I have some hopes that the 3.x version can be updated as needed; I have little hope that the 1.x version will be. I can't know for certain without seeing your test cases, Ville, but it is possible that the spurious warnings you got from 3.x are due to the new tests introduced in 3.x, rather than corrupted tests that were present in 1.x. If you send me code that triggers spurious warnings, I pledge to work with upstream to make those warnings go away. Can we proceed with the review using the 3.x version?
(In reply to comment #5) > The 1.x version has not been touched in 9 years. The 3.x version has not > been touched in 9 months. The most recent modification inside the 1.21 tarball is from 2004-04-05, and the last code modification from 2003-12-08 so it's not quite that old. The newest modification in the 3.x series is compilation fixes for gcc 3.4.x, no other changes in 3.1 vs 3.0 according to the release notes. 3.0 was released 2004-06-22. Additionally, the original 1.x author was very responsive to my mails, whereas the sourceforge tracker for 3.x does not look too promising regarding upstream activity (not a single comment to any open item in almost 3 years): http://sourceforge.net/tracker/?atid=514797&group_id=66529&func=browse > If you send me code that > triggers spurious warnings, I pledge to work with upstream to make those > warnings go away. Sorry, as said, I don't have more details about this handy any more. Will send if I remember more details or come across them again. > Can we proceed with the review using the 3.x version? Your call, but before that I do suggest taking a closer look at the 3.x upstream's activity as well as comparing 1.x functionality to 3.x (unless you already did and I just failed to parse it from your earlier comments). Also, it'd be better to find someone who actually uses jlint/antic nowadays to do the review, but I can chime in later if nobody shows up.
Now I'm concerned about licensing issues. The 1.x code just says that it is "freeware", with no indication of what the author thinks that means. The 3.x code claims to be released under the GPL, but since it is a derivative work of code with no clear license, I'm not sure that's legal. I'm now inclined to drop jlint and work on getting findbugs into Fedora instead. Unless someone really, really wants me to keep pursuing jlint, I'm going to close this review request and leave jlint alone.
I have no objections to that, but as said, the 1.x author at least used to respond pretty quickly to mails so I suppose clarifying the license wouldn't take much more than just asking him.
Upstream chose an MIT license and also fixed the 64-bit compilation issues. The new URLs are: Spec URL: http://jjames.fedorapeople.org/jlint/jlint.spec SRPM URL: http://jjames.fedorapeople.org/jlint/jlint-1.23-1.src.rpm
Looks good to me, approved. One minor nit (can be done after import): since VENDINFO.DIZ is no longer shipped, could drop the related sed'ing in %prep as well.
Package Change Request ====================== Package Name: jlint New Branches: FC-6 F-7 Updated Fedora Owners: jjames This is a revival of a previously orphaned package.
cvs done.
jlint-1.23-1.fc7 has been pushed to the Fedora 7 testing repository. If problems still persist, please make note of it in this bug report.
jlint-1.23-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.