Bug 403801 - Review Request: jpoker - A jQuery user interface to play on poker-network based servers
Review Request: jpoker - A jQuery user interface to play on poker-network bas...
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jason Tibbitts
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-11-28 22:36 EST by Jesse Keating
Modified: 2013-01-09 21:42 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-12-04 15:10:09 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
tibbs: fedora‑review+
kevin: fedora‑cvs+


Attachments (Terms of Use)

  None (edit)
Description Jesse Keating 2007-11-28 22:36:10 EST
Spec URL: http://jkeating.fedorapeople.org/review/jpoker.spec
SRPM URL: http://jkeating.fedorapeople.org/review/jpoker-1.0.6-1.fc8.src.rpm
Description:
jPoker is a jQuery user interface to play on poker-network based server.
For now jPoker allows you to list running tables and upcoming tournaments,
but it means to become a full featured javascript pokerclient.
Comment 1 Jason Tibbitts 2007-12-03 19:37:22 EST
There's not really all that much to this.  In fact, I'm not really clear on what
it's supposed to do; I guess the expectation is that you're running the web
server on the same machines as the poker-network server, because this offers no
choice of server or even any way to configure the server it connects to
(proxy.php seems to hardcode http://127.0.0.1:19382).

Is it safe to have this enabled and exposed to the world by default?

The upstream web site indicates this is some sort of jquery plugin, but the
package bundles jquery itself.  I guess it would be super-pointless to cook up
some method for sharing an 80K javascript library between packages, but I don't
relish the thought of a security issue cropping up in a little library that's
embedded in a bunch of places.  I guess you could do it with symlinks.

I'm a bit confused about the License: tag.  I see parts which are GPLv2+:
  proxy.php
  tables.html
  index.html
  jquery.jpoker.js
  tournaments.html
and parts which are dual-licensed MIT and an unknown GPL version:
  jquery.js
  jquery-tablesorter.js
but I don't see what's licensed as BSD.

So to me it looks more like "License: GPLv2+ and (MIT or GPL+)" is closer to the
truth, but maybe I'm missing something.  It's funny how COPYING and
GPL-LICENSE.txt both contain the GPL, but one is re-intended and is missing a
single comma at the end of the copyright line and the entire "How to Apply" section.

The only thing that really troubles me is the License: tag, which should be
trivial to double-check and fix if necessary before you check in.

Review:
* source files match upstream:
   e587b27fbb0b7ac6569d5850375513d661e5bd759671d14137ec91ccc8bdec38  
   jpoker-1.0.6.tar.gz
* package meets naming and versioning guidelines.
* specfile is properly named, is cleanly written and uses macros consistently.
* summary is OK.
* description is OK.
* dist tag is present.
* build root is OK.
? license field matches the actual license.
* license is open source-compatible.
* license text included in package.
* latest version is being packaged.
* BuildRequires are proper (none)
* %clean is present.
* package builds in mock (rawhide, x86_64).
* package installs properly
* rpmlint is silent.
* final provides and requires are sane:
   jpoker = 1.0.6-1.fc9
  =
   httpd
   php
* %check is not present; no test suite upstream.  Seems to work as far as I can 
   figure it out.
* owns the directories it creates.
* doesn't own any directories it shouldn't.
* no duplicates in %files.
* file permissions are appropriate.
* no scriptlets present.
* code, not content.
* documentation is small, so no -docs subpackage is necessary.
* %docs are not necessary for the proper functioning of the package.

APPROVED; please just double check License: before you check in.
Comment 2 Jesse Keating 2007-12-03 19:50:32 EST
Huh, previous versions of this software had a BSD licensed file.  That seems to
have gone away.  I'll fix up the license.

I'm not entirely sure what all this is expected to do, it's apparently early in
the development.  The producers just wanted to get it into Fedora for easier
updating over time.

New Package CVS Request
=======================
Package Name: jpoker
Short Description: A jQuery user interface to play on poker-network based servers
Owners: jkeating
Branches: 
InitialCC: 
Cvsextras Commits:
Comment 3 Jesse Keating 2007-12-03 19:55:21 EST
Oh, and the GPL license file referenced by the MIT or GPL licensed files is
marked as version 2 at the top, hence the MIT or GPLv2+.
Comment 4 Kevin Fenzi 2007-12-03 20:12:07 EST
cvs done.
Comment 5 Jason Tibbitts 2007-12-03 20:44:21 EST
Note that the version of the GPL license file is completely immaterial.

from http://fedoraproject.org/wiki/Licensing:
"
A GPL or LGPL licensed package that lacks any statement of what version that
it's licensed under in the source code/program output/accompanying docs is
technically licensed under *any* version of the GPL or LGPL, not just the
version in whatever COPYING file they include.
"
Comment 6 Jesse Keating 2007-12-04 15:10:09 EST
Ah, moved to GPL+.  Built for rawhide.

Note You need to log in before you can comment on or make changes to this bug.