Bug 257061 - Review Request: osslsigncode - Tool for Authenticode signing of EXE/CAB files
Review Request: osslsigncode - Tool for Authenticode signing of EXE/CAB files
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jason Tibbitts
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-08-27 12:34 EDT by Matthias Saou
Modified: 2007-11-30 17:12 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-11-26 06:51:40 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
tibbs: fedora‑review+
kevin: fedora‑cvs+


Attachments (Terms of Use)

  None (edit)
Description Matthias Saou 2007-08-27 12:34:21 EDT
Spec URL: http://thias.fedorapeople.org/review/osslsigncode/osslsigncode.spec
SRPM URL: http://thias.fedorapeople.org/review/osslsigncode/osslsigncode-1.2-2.src.rpm
Description:
Tool for Authenticode signing of EXE/CAB files.

Note: A quick look doesn't show any patent infringement, but this might deserve a double check, just to be sure.
Comment 1 Yanko Kaneti 2007-08-27 15:41:39 EDT
> Note: A quick look doesn't show any patent infringement, but this might
deserve a double check, just to be sure.

To this one can only add an even faster non-look that says its infringing
..someone's.. something... ;)
Comment 2 Matthias Saou 2007-08-31 13:28:45 EDT
> To this one can only add an even faster non-look that says its infringing
> ..someone's.. something... ;)

Could you please elaborate? Obviously, if there's any problem, I'd prefer
knowing ASAP and close this review request.
Comment 3 Yanko Kaneti 2007-08-31 15:43:13 EDT
(In reply to comment #2)
> Note: A quick look doesn't show any patent infringement, but this might
deserve a double check, just to be sure.

> > To this one can only add an even faster non-look that says its infringing
> > ..someone's.. something... ;)
> 
> Could you please elaborate? Obviously, if there's any problem, I'd prefer
> knowing ASAP and close this review request.

I was joking, in attempt to make a point. Please keep meaningless patent related
remarks out of supposedly technical forums like bugzilla or fedora-devel. 
Comment 4 Matthias Saou 2007-09-03 04:00:10 EDT
(In reply to comment #3)
> I was joking, in attempt to make a point. Please keep meaningless patent related
> remarks out of supposedly technical forums like bugzilla or fedora-devel. 

Well, I didn't catch the joke nor the point. I could also very well argue that
(possibly confusing) humor doesn't have its place here either.

What I meant was that I browsed the source code, the docs, looked at the
agreements from the Microsoft docs used, and didn't see any obvious problems.
But IANAL, which is why I'd prefer someone with more technical knowledge and/or
more legal knowledge to double check.
Comment 5 Yanko Kaneti 2007-09-03 07:52:02 EDT
(In reply to comment #4)
> What I meant was that I browsed the source code, the docs, looked at the
> agreements from the Microsoft docs used, and didn't see any obvious problems.
> But IANAL, which is why I'd prefer someone with more technical knowledge and/or
> more legal knowledge to double check.

And what I meant is that this amounts to absolutely nothing and shouldn't even
be mentioned. You have a patent system bogged down with tens of thousands
software patents (not all belonging to Microsoft) full of obscure legalese that
can be applied to anything. To take a "quick look" is just ridiculous. And
nobody sane, much less a lawyer, would claim to be sure that certain code is not
infringing someone elses patent.
Comment 6 Jason Tibbitts 2007-10-04 00:53:45 EDT
I don't think this is really the proper forum for doing a patent review; all we
can do is review the packaging.  If you want to pass this to Red Hat's lawyers
before importing, that's up to you.  In the meantime, this is a clean package;
it builds fine and rpmlint is silent.  There's not much to it, really.

I guess you can handle not using the dist tag; I don't expect that this package
will need to change often anyway.

* source files match upstream:
   5cd55fa974b06bf89ee128137a969e58a8c6ea1df20b100ddb6b23a58682bec8  
   osslsigncode-1.2.tar.gz
* package meets naming and versioning guidelines.
* specfile is properly named, is cleanly written and uses macros consistently.
* summary is OK.
* description is OK.
* build root is OK.
* license field matches the actual license.
* license is open source-compatible.
* license text included in package.
* latest version is being packaged.
* BuildRequires are proper.
* compiler flags are appropriate.
* %clean is present.
* package builds in mock (development, x86_64).
* package installs properly
* debuginfo package looks complete.
* rpmlint is silent.
* final provides and requires are sane:
   osslsigncode = 1.2-2
  =
   libcrypto.so.6()(64bit)
   libcurl.so.4()(64bit)
   libssl.so.6()(64bit)
   libz.so.1()(64bit)
* %check is not present; no test suite upstream.  I haven't a clue how to test 
   this package.
* no shared libraries are added to the regular linker search paths.
* owns the directories it creates.
* doesn't own any directories it shouldn't.
* no duplicates in %files.
* file permissions are appropriate.
* no scriptlets present.
* code, not content.
* documentation is small, so no -docs subpackage is necessary.
* %docs are not necessary for the proper functioning of the package.
* no headers.
* no pkgconfig files.
* no static libraries.
* no libtool .la files.

APPROVED
Comment 7 Jason Tibbitts 2007-11-06 11:58:13 EST
Ping?  This package is approved; did you want to make a CVS request and get it
imported?
Comment 8 Matthias Saou 2007-11-06 12:21:14 EST
New Package CVS Request
=======================
Package Name: osslsigncode
Short Description: Tool for Authenticode signing of EXE/CAB files
Owners: matthias@rpmforge.net
Branches: F-8 F-7 EL-5 EL-4
InitialCC: 
Cvsextras Commits: yes
Comment 9 Kevin Fenzi 2007-11-06 14:26:03 EST
cvs done.
Comment 10 Matthias Saou 2007-11-26 06:51:40 EST
Imported and built at last.

Note You need to log in before you can comment on or make changes to this bug.