Spec URL: http://stingr.net/reviews/md5deep.spec SRPM URL: http://stingr.net/reviews/md5deep-2.0.1-1.fc9.src.rpm Description: This is md5deep, a set of cross-platform tools to compute hashes, or message digests, for any number of files while optionally recursively digging through the directory structure. It can also take a list of known hashes and display the filenames of input files whose hashes either do or do not match any of the known hashes. This version supports MD5, SHA-1, SHA-256, Tiger, and Whirlpool hashes.
how are these command different than currently available md5sum sha1sum?
The license of this package is a bit more complicated than what you have; most of it is in the public domain but the tiger bits are GPLv2+. So the License: tag would read "GPLv2+ and public domain" with a comment about which bits have which license. However, I cannot find any licensing information on whirlpool.c; it has the all-caps disclaimer portion of the 2-clause BSD license but contains no statement permitting modification or redistribution. I honestly don't know what that means for the license of the resulting whirlpooldeep package, and so I can't approve it. Blocking FE-Legal for some guidance.
The Whirlpool implementation is in the Public Domain: http://paginas.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html This is ok. Lifting FE-Legal.
I didn't notice the above comment and so this seems to have fallen through the tracks, sorry. Paul, would you still like a review of this? Would you consider updating the package to version 3.0?
Yes I will update the package, however I don't think that review basis will change considerably.
Spec URL: http://stingr.net/reviews/md5deep.spec SRPM URL: http://stingr.net/reviews/md5deep-3.0-1.fc10.src.rpm
Here's my review: -rpmlint is quiet on the specfile, binary RPM and -debuginfo RPM. -no errors or warnings in the mock build log for f9-i386 or rawhide-i386 I don't think there's an issue with whirlpool.c, as it is stated in COPYING that the whole of the project is in the public domain and the specific license statement is included in the file. Everything else looks good.
Package Review ============== Key: - = N/A x = Check ! = Problem ? = Not evaluated === REQUIRED ITEMS === [x] Package is named according to the Package Naming Guidelines. [x] Spec file name must match the base package %{name}, in the format %{name}.spec. [x] Package meets the Packaging Guidelines. [x] Package successfully compiles and builds into binary rpms on at least one supported architecture. Tested on: devel/x86_64, devel/i386 [x] Rpmlint output: source RPM: empty binary RPM:empty [x] Package is not relocatable. [x] Buildroot is correct (%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u}-XXXXXX)) [!] Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [!] License field in the package spec file matches the actual license. License fields:GPLv2 License of the included files: see below [x] If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %doc. [x] Spec file is legible and written in American English. [x] Sources used to build the package matches the upstream source, as provided in the spec URL. SHA1SUM of package: 50a439b08a911e804f0acae30607a2f8940f0d99 /tmp/md5deep-3.0.tar.gz [x] Package is not known to require ExcludeArch [x] All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines. [-] The spec file handles locales properly. [-] ldconfig called in %post and %postun if required. [x] Package must own all directories that it creates. [x] Package requires other packages for directories it uses. [x] Package does not contain duplicates in %files. [x] Permissions on files are set properly. [x] Package has a %clean section, which contains rm -rf %{buildroot} (or $RPM_BUILD_ROOT). [x] Package consistently uses macros. [x] Package contains code, or permissable content. [-] Large documentation files are in a -doc subpackage, if required. [x] Package uses nothing in %doc for runtime. [-] Header files in -devel subpackage, if present. [-] Static libraries in -devel subpackage, if present. [-] Package requires pkgconfig, if .pc files are present. [-] Development .so files in -devel subpackage, if present. [-] Fully versioned dependency in subpackages, if present. [x] Package does not contain any libtool archives (.la). [-] Package contains a properly installed %{name}.desktop file if it is a GUI application. [x] Package does not own files or directories owned by other packages. === SUGGESTED ITEMS === [x] Latest version is packaged. [x] Package does not include license text files separate from upstream. [-] Description and summary sections in the package spec file contains translations for supported Non-English languages, if available. [x] Reviewer should test that the package builds in mock. Tested on: devel/x86_64, devel/i386 [?] Package should compile and build into binary rpms on all supported architectures. Tested on: [x] Package functions as described. [-] Scriptlets must be sane, if used. [-] The placement of pkgconfig(.pc) files is correct. [-] File based requires are sane. Issues: I have to recheck the license. The md5 part vaguely resembles with the older md5.h which was released under the problemativ RSA license and I want to verify more carefully.
OK. I have looked over the code at it looks to be different. Package APPROVED Note that meanwhile upstream has released a new version of the source code, maybe you'll prefer to update the src.rpm before comit.
New Package CVS Request ======================= Package Name: md5deep Short Description: A set of cross-platform tools to compute hashes Owners: stingray Branches: F-8 F-9 Cvsextras Commits: yes
cvs done.
Any plans to make it available in F-8 and F-9 as "updates"?
md5deep-3.1-1.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/md5deep-3.1-1.fc9
md5deep-3.1-1.fc8 has been submitted as an update for Fedora 8. http://admin.fedoraproject.org/updates/md5deep-3.1-1.fc8
md5deep-3.1-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
md5deep-3.1-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
Package Change Request ======================= Package Name: md5deep Short Description: A set of cross-platform tools to compute hashes Owners: stingray rebus Branches: el5 el6 epel7 Hello SCM team, please we would like to add branches for the md5deep to support packages also for the epel branches.
Misformatted request.
Package Change Request ====================== Package Name: md5deep New Branches: el5 el6 epel7 Owners: stingray rebus
Git done (by process-git-requests).
md5deep-4.3-3.el5 has been submitted as an update for Fedora EPEL 5. https://admin.fedoraproject.org/updates/md5deep-4.3-3.el5
md5deep-4.3-3.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/md5deep-4.3-3.el6
md5deep-4.3-3.el6 has been pushed to the Fedora EPEL 6 stable repository.
md5deep-4.3-3.el5 has been pushed to the Fedora EPEL 5 stable repository.
md5deep-4.4-1.el7 has been submitted as an update for Fedora EPEL 7. https://admin.fedoraproject.org/updates/md5deep-4.4-1.el7
md5deep-4.4-1.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/md5deep-4.4-1.fc21
md5deep-4.4-1.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/md5deep-4.4-1.fc20
md5deep-4.4-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
md5deep-4.4-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
md5deep-4.4-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.