Bug 363741 - Review Request: libewf - Library for the Expert Witness Compression Format (EWF)
Summary: Review Request: libewf - Library for the Expert Witness Compression Format (EWF)
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Jason Tibbitts
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2007-11-02 13:02 UTC by Nicolas Chauvet (kwizart)
Modified: 2009-07-28 04:48 UTC (History)
2 users (show)

Clone Of:
Last Closed: 2007-11-10 01:08:53 UTC
tibbs: fedora-review+
kevin: fedora-cvs+

Attachments (Terms of Use)

Description Nicolas Chauvet (kwizart) 2007-11-02 13:02:08 UTC
Spec URL:
Description: Library for the Expert Witness Compression Format (EWF)

koji scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=224364
rpmlint on installed files: libewf.x86_64: W: unused-direct-shlib-dependency /usr/lib64/libewf.so.1.0.1 /lib64/libuuid.so.1
Maybe this is related to the options used...

Comment 1 Jason Tibbitts 2007-11-02 16:50:49 UTC
The unused-direct-shlib-dependency comes from linking to libuuid but not calling
any functions in it.  The tools call it, and the package just uses the same
options to link the tools and the library.  I don't think it's enough of an
issue to justify patching around in the package's Makefile.

Comment 2 Jason Tibbitts 2007-11-03 18:28:19 UTC
Lovely how upstream forces you to use https but has an expired certificate.

The upstream web pages indicate that this is stable.  Is the eight digit number
looking suspiciously like a date actually the package's version?  If so, then
you could just use that as the version instead of treating the package as a
snapshot with no version.  Which would make your version "20070512" and your
release as "1".  Of course, this breaks (forcing you to use Epoch:) if upstream
does decide to release version 1.0 in the future, so I'll leave this up to you.
 If upstream is still sufficiently active, you could ask them what they plan to do.

The COPYING file seems to me to include the 4-clause BSD license, including the
advertising clause, although they swapped two of the clauses for whatever reason.

- All advertising materials mentioning features or use of this software
  must acknowledge the contribution by people stated in the acknowledgements.

So, first off, your License: tag is wrong; it must be "BSD with advertising".

Then, this program cannot link against anything which conflicts with
BSD+advertising.  zlib is OK, glibc is OK (LGPL), openssl/libcrypto is OK, and
e2fsprogs has four different licenses.  Looking in the source, libuuid (which is
all that's being linked against here) is plain 3-clause BSD without advertising.
 So that should be OK as well.  Running ldd against all binaries and libraries
doesn't show anything else, so that should OK.

When submitting packages with difficult licenses, you need to do this kind of
review up front.  We can't generally trust upstream to do this kind of thing
properly, because it seems to be those that pick the "you must mention me in
your advertising materials" clause who understand the implications of such a
thing the least.  You also need to make sure that the package doesn't grow
additional dependencies in the future which would cause a licensing conflict,
and that the licenses of your dependencies don't change and cause conflicts.

* source files match upstream:
* package meets naming and versioning guidelines (but consider using date as 
  version as detailed above).
* specfile is properly named, is cleanly written and uses macros consistently.
* summaries are OK.
* descriptions are OK.
* dist tag is present.
* build root is OK.
* license field matches the actual license.
* license is open source-compatible.
* license text included in package.
* latest version is being packaged.
* BuildRequires are proper.
* compiler flags are appropriate.
* %clean is present.
* package builds in mock (rawhide, x86_64).
* package installs properly
* debuginfo package looks complete.
* rpmlint complaints are OK.
* final provides and requires are sane:
   ewftools = 0-1.20070512.fc8
   libewf = 0-1.20070512.fc8

   libewf = 0-1.20070512.fc8

   libewf-devel = 0-1.20070512.fc8
   libewf = 0-1.20070512.fc8

* %check is not present; no test suite upstream.  I have no existing EWF files 
   to use test this, although I did run the tools and "acquired" a file and 
   things seemed to work well enough.
* shared libraries present; ldconfig called properly.
* unversioned .so files are in the -devel package.
* owns the directories it creates.
* doesn't own any directories it shouldn't.
* no duplicates in %files.
* file permissions are appropriate.
* scriptlets are OK (ldconfig calls)
* code, not content.
* documentation is small, so no -docs subpackage is necessary.
* %docs are not necessary for the proper functioning of the package.
* headers are in the -devel package.
* pkgconfig file present in -devel package.
* no static libraries.
* no libtool .la files.


Comment 3 Nicolas Chauvet (kwizart) 2007-11-05 15:58:56 UTC
Thx for the review! I will update the License field before built...

This package is used by http://www.sleuthkit.org
which uses http://www.porcupine.org/forensics/tct.html (IBM License)
Maybe there will be a problem then... (I cannot find the wiki about compatibles

New Package CVS Request
Package Name:      libewf
Short Description: Library for the Expert Witness Compression Format (EWF)
Owners:            kwizart
Branches:          F-8 F-7
InitialCC:         <empty>
Commits by cvsextras: yes

Comment 4 Jason Tibbitts 2007-11-05 16:15:21 UTC
Well, there is http://fedoraproject.org/wiki/Licensing but it only deals with
compatibility between common licenses.  Doing that work for all licenses we know
about would require more lawyers than I care to think about.

If you have doubts about compatibility of a specific set of licenses, just ask
or block FE-Legal on your review ticket.

Comment 5 Kevin Fenzi 2007-11-05 16:47:49 UTC
cvs done.

Comment 6 Nicolas Chauvet (kwizart) 2009-07-27 11:03:24 UTC
Package Change Request
Package Name: libewf
New Branches: EL-5
Owners: kwizart

Comment 7 Kevin Fenzi 2009-07-28 04:48:22 UTC
cvs done.

Note You need to log in before you can comment on or make changes to this bug.