Bug 434698 - Review Request: md5deep - A set of cross-platform tools to compute hashes
Review Request: md5deep - A set of cross-platform tools to compute hashes
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: manuel wolfshant
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-02-24 11:49 EST by Paul P Komkoff Jr
Modified: 2014-10-17 13:40 EDT (History)
5 users (show)

See Also:
Fixed In Version: md5deep-4.4-1.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-09-10 02:50:52 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
wolfy: fedora‑review+
limburgher: fedora‑cvs+


Attachments (Terms of Use)

  None (edit)
Description Paul P Komkoff Jr 2008-02-24 11:49:28 EST
Spec URL: http://stingr.net/reviews/md5deep.spec
SRPM URL: http://stingr.net/reviews/md5deep-2.0.1-1.fc9.src.rpm
Description: 
This is md5deep, a set of cross-platform tools to compute hashes, or
message digests, for any number of files while optionally recursively
digging through the directory structure.  It can also take a list of known
hashes and display the filenames of input files whose hashes either do or
do not match any of the known hashes. This version supports MD5, SHA-1,
SHA-256, Tiger, and Whirlpool hashes.
Comment 1 Parag AN(पराग) 2008-02-26 00:20:25 EST
how are these command different than currently available md5sum sha1sum?
Comment 2 Jason Tibbitts 2008-03-03 23:05:44 EST
The license of this package is a bit more complicated than what you have; most
of it is in the public domain but the tiger bits are GPLv2+.  So the License:
tag would read "GPLv2+ and public domain" with a comment about which bits have
which license.  However, I cannot find any licensing information on whirlpool.c;
it has the all-caps disclaimer portion of the 2-clause BSD license but contains
no statement permitting modification or redistribution.  I honestly don't know
what that means for the license of the resulting whirlpooldeep package, and so I
can't approve it.

Blocking FE-Legal for some guidance.
Comment 3 Tom "spot" Callaway 2008-04-01 11:37:24 EDT
The Whirlpool implementation is in the Public Domain:
http://paginas.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html

This is ok. Lifting FE-Legal.
Comment 4 Jason Tibbitts 2008-06-21 19:53:23 EDT
I didn't notice the above comment and so this seems to have fallen through the
tracks, sorry.  Paul, would you still like a review of this?  Would you consider
updating the package to version 3.0?
Comment 5 Paul P Komkoff Jr 2008-06-22 17:37:19 EDT
Yes I will update the package, however I don't think that review basis will 
change considerably.
Comment 6 Paul P Komkoff Jr 2008-07-18 12:03:43 EDT
Spec URL: http://stingr.net/reviews/md5deep.spec
SRPM URL: http://stingr.net/reviews/md5deep-3.0-1.fc10.src.rpm
Comment 7 Peter Fernandes 2008-07-22 00:19:55 EDT
Here's my review:
-rpmlint is quiet on the specfile, binary RPM and -debuginfo RPM.
-no errors or warnings in the mock build log for f9-i386 or rawhide-i386

I don't think there's an issue with whirlpool.c, as it is stated in COPYING that
the whole of the project is in the public domain and the specific license
statement is included in the file.

Everything else looks good.
Comment 8 manuel wolfshant 2008-07-25 07:50:18 EDT
Package Review
==============

Key:
 - = N/A
 x = Check
 ! = Problem
 ? = Not evaluated

=== REQUIRED ITEMS ===
 [x] Package is named according to the Package Naming Guidelines.
 [x] Spec file name must match the base package %{name}, in the format %{name}.spec.
 [x] Package meets the Packaging Guidelines.
 [x] Package successfully compiles and builds into binary rpms on at least one
supported architecture.
     Tested on: devel/x86_64, devel/i386
 [x] Rpmlint output:
source RPM: empty
binary RPM:empty
 [x] Package is not relocatable.
 [x] Buildroot is correct
(%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u}-XXXXXX))
 [!] Package is licensed with an open-source compatible license and meets other
legal requirements as defined in the legal section of Packaging Guidelines.
 [!] License field in the package spec file matches the actual license.
     License fields:GPLv2
     License of the included files: see below
 [x] If (and only if) the source package includes the text of the license(s) in
its own file, then that file, containing the text of the license(s) for the
package is included in %doc.
 [x] Spec file is legible and written in American English.
 [x] Sources used to build the package matches the upstream source, as provided
in the spec URL.
     SHA1SUM of package: 50a439b08a911e804f0acae30607a2f8940f0d99 
/tmp/md5deep-3.0.tar.gz
 [x] Package is not known to require ExcludeArch
 [x] All build dependencies are listed in BuildRequires, except for any that are
listed in the exceptions section of Packaging Guidelines.
 [-] The spec file handles locales properly.
 [-] ldconfig called in %post and %postun if required.
 [x] Package must own all directories that it creates.
 [x] Package requires other packages for directories it uses.
 [x] Package does not contain duplicates in %files.
 [x] Permissions on files are set properly.
 [x] Package has a %clean section, which contains rm -rf %{buildroot} (or
$RPM_BUILD_ROOT).
 [x] Package consistently uses macros.
 [x] Package contains code, or permissable content.
 [-] Large documentation files are in a -doc subpackage, if required.
 [x] Package uses nothing in %doc for runtime.
 [-] Header files in -devel subpackage, if present.
 [-] Static libraries in -devel subpackage, if present.
 [-] Package requires pkgconfig, if .pc files are present.
 [-] Development .so files in -devel subpackage, if present.
 [-] Fully versioned dependency in subpackages, if present.
 [x] Package does not contain any libtool archives (.la).
 [-] Package contains a properly installed %{name}.desktop file if it is a GUI
application.
 [x] Package does not own files or directories owned by other packages.

=== SUGGESTED ITEMS ===
 [x] Latest version is packaged.
 [x] Package does not include license text files separate from upstream.
 [-] Description and summary sections in the package spec file contains
translations for supported Non-English languages, if available.
 [x] Reviewer should test that the package builds in mock.
     Tested on: devel/x86_64, devel/i386
 [?] Package should compile and build into binary rpms on all supported
architectures.
     Tested on:
 [x] Package functions as described.
 [-] Scriptlets must be sane, if used.
 [-] The placement of pkgconfig(.pc) files is correct.
 [-] File based requires are sane.


Issues:
  I have to recheck the license. The md5 part vaguely resembles with the older
md5.h which was released under the problemativ RSA license and I want to verify
more carefully.
Comment 9 manuel wolfshant 2008-07-28 01:34:57 EDT
OK. I have looked over the code at it looks to be different. Package APPROVED

Note that meanwhile upstream has released a new version of the source code,
maybe you'll prefer to update the src.rpm before comit.
Comment 10 Paul P Komkoff Jr 2008-08-01 14:49:01 EDT
New Package CVS Request
=======================
Package Name: md5deep
Short Description: A set of cross-platform tools to compute hashes
Owners: stingray
Branches: F-8 F-9
Cvsextras Commits: yes
Comment 11 Kevin Fenzi 2008-08-01 22:37:06 EDT
cvs done.
Comment 12 Marcin Zajaczkowski 2008-08-23 09:14:02 EDT
Any plans to make it available in F-8 and F-9 as "updates"?
Comment 13 Fedora Update System 2008-08-23 15:45:44 EDT
md5deep-3.1-1.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/md5deep-3.1-1.fc9
Comment 14 Fedora Update System 2008-08-23 15:45:47 EDT
md5deep-3.1-1.fc8 has been submitted as an update for Fedora 8.
http://admin.fedoraproject.org/updates/md5deep-3.1-1.fc8
Comment 15 Fedora Update System 2008-09-10 02:50:47 EDT
md5deep-3.1-1.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 16 Fedora Update System 2008-09-10 03:01:36 EDT
md5deep-3.1-1.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 17 Michal Ambroz 2014-01-12 06:21:14 EST
Package Change Request
=======================
Package Name: md5deep
Short Description: A set of cross-platform tools to compute hashes
Owners: stingray rebus
Branches: el5 el6 epel7

Hello SCM team, please we would like to add branches for the md5deep to support packages also for the epel branches.
Comment 18 Gwyn Ciesla 2014-01-13 07:41:45 EST
Misformatted request.
Comment 19 Michal Ambroz 2014-01-13 12:06:13 EST
Package Change Request
======================
Package Name: md5deep
New Branches: el5 el6 epel7
Owners: stingray rebus
Comment 20 Gwyn Ciesla 2014-01-13 12:19:20 EST
Git done (by process-git-requests).
Comment 21 Fedora Update System 2014-01-15 08:45:01 EST
md5deep-4.3-3.el5 has been submitted as an update for Fedora EPEL 5.
https://admin.fedoraproject.org/updates/md5deep-4.3-3.el5
Comment 22 Fedora Update System 2014-01-15 08:45:17 EST
md5deep-4.3-3.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/md5deep-4.3-3.el6
Comment 23 Fedora Update System 2014-01-31 15:09:05 EST
md5deep-4.3-3.el6 has been pushed to the Fedora EPEL 6 stable repository.
Comment 24 Fedora Update System 2014-01-31 15:11:23 EST
md5deep-4.3-3.el5 has been pushed to the Fedora EPEL 5 stable repository.
Comment 25 Fedora Update System 2014-09-24 20:51:44 EDT
md5deep-4.4-1.el7 has been submitted as an update for Fedora EPEL 7.
https://admin.fedoraproject.org/updates/md5deep-4.4-1.el7
Comment 26 Fedora Update System 2014-09-24 20:51:53 EDT
md5deep-4.4-1.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/md5deep-4.4-1.fc21
Comment 27 Fedora Update System 2014-09-24 20:52:00 EDT
md5deep-4.4-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/md5deep-4.4-1.fc20
Comment 28 Fedora Update System 2014-09-28 00:30:03 EDT
md5deep-4.4-1.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 29 Fedora Update System 2014-10-05 04:16:13 EDT
md5deep-4.4-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 30 Fedora Update System 2014-10-17 13:40:30 EDT
md5deep-4.4-1.el7 has been pushed to the Fedora EPEL 7 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.