Spec URL: http://jjames.fedorapeople.org/jsr-305/jsr-305.spec SRPM URL: http://jjames.fedorapeople.org/jsr-305/jsr-305-0-0.1.20071105svn.src.rpm Description: This package contains reference implementations, test cases, and other documents for Java Specification Request 305: Annotations for Software Defect Detection. This is a prerequisite for findbugs. There has been no official release, so it is a snapshot of the Subversion repository, whose last checkin occurred on 5 Nov 2007. The license terms do not appear in any file in the repository, so I have included a downloaded copy of http://code.google.com/p/jsr-305/index.html, which claims that the project is available under the "New BSD License", which is the "BSD" license tag for Fedora.
I forgot to note that I asked upstream to include a license file: http://groups.google.com/group/jsr-305/msg/959fee95941a8743. I made this request on 18 Apr 2008, with no response so far.
Upstream has been active recently. The patches from my original submission have been accepted. Unfortunately, there is still no license file. New versions of the spec and srpm are here: Spec URL: http://jjames.fedorapeople.org/jsr-305/jsr-305.spec SRPM URL: http://jjames.fedorapeople.org/jsr-305/jsr-305-0-0.1.20080527svn.src.rpm
I have essentially no idea what this package is for, and very little knowledge of Java, but it's been in the queue for six weeks and I can read the packaging guidelines as well as anyone else so I'll see what I can do. This builds fine for me; rpmlint says: jsr-305.x86_64: W: non-conffile-in-etc /etc/maven/fragments/jsr-305 Unfortunate; these should be under /usr/share but that's what our maven package does so you have no choice. jsr-305.x86_64: W: non-standard-group Development/Libraries/Java jsr-305-javadoc.x86_64: W: non-standard-group Development/Documentation These don't matter; we don't care what goes in Group:. The URL in the spec (and the comment before the License: tag, and what's in Source1) are 404 for me. It works if you remove the "index.html" bit. I don't think it's necessary to include a copy of the upstream web page to prove the license, although if you have a copy of the email sent in response to your query, perhaps you might want to include that. If you do want to include a copy, though, please do use a functioning URL. You will need to include instructions for actually obtaining the subversion snapshot that you include in the package. And it would be a good idea to version the tarball as well. See http://fedoraproject.org/wiki/Packaging/SourceURL Looking at the debug package, it seems that a bunch of the source is missing. I do not know enough about java to tell if something's gone wrong here or if the source files just aren't supposed to be there for whatever reason. Can you have a look? I thought the Java folks had decided that they didn't want to make unversioned symlinks for javadocs. I don't, however, see it in any of the guidelines, neither encouraged nor discouraged. This package should not own /etc/maven/fragments. The same goes for /usr/share/maven2/poms. Unfortunately this is actually specified by the guidelines, so I'm working to try and get the guidelines fixed, because this is simply broken. The guidelines indicate that all of the aot compilation bits should be conditionalized. X can't compare source files with upstream; no instructions for making the svn checkout and Source1: URL does not exist. * package meets naming and versioning guidelines. * specfile is properly named, is cleanly written and uses macros consistently. * summary is OK. * description is OK. * dist tag is present. * build root is OK. * license field matches the actual license. * license is open source-compatible. * license text not included upstream. * BuildRequires are proper. * %clean is present. * package builds in mock (rawhide, x86_64). * package installs properly. ? debuginfo package looks a bit too empty. * rpmlint has acceptable complaints. * final provides and requires are sane: jsr-305-0-0.1.20080527svn.fc10.x86_64.rpm jsr-305-0.jar.so()(64bit) jsr-305 = 0-0.1.20080527svn.fc10 = /bin/sh java >= 1.5 java-gcj-compat >= 1.0.31 jpackage-utils libgcc_s.so.1()(64bit) libgcc_s.so.1(GCC_3.0)(64bit) libgcj_bc.so.1()(64bit) libz.so.1()(64bit) jsr-305-javadoc-0-0.1.20080527svn.fc10.x86_64.rpm jsr-305-javadoc = 0-0.1.20080527svn.fc10 = jpackage-utils jsr-305 = 0-0.1.20080527svn.fc10 * %check is not present; no test suite usptream. (Although there's a couple of test directories in the tarball, they're empty.) * no shared libraries are added to the regular linker search paths. * owns the directories it creates. X shouldn't own /etc/maven/fragments or /usr/share/maven2/poms * no duplicates in %files. * file permissions are appropriate. X scriptlets shoudl consitionalize the aot bits. * code, not content. * %docs are not necessary for the proper functioning of the package. * no pre-built jars * single jar, named after the package * jarfiles are under _javadir. * javadocs are under _javadocdir. * maven called properly. * no wrapper script necessary. X gcj should be called conditionally.
Thanks once again for doing a review for me, Jason. This package defines some annotations that Java programmers use to declare various properties of their code. Those annotations are consumed by the findbugs tool, which I will be submitting to Fedora Real Soon Now. I fixed the broken URLs and dropped the index.html file. Incidentally, upstream has promised to include a LICENSE file at some point; see http://groups.google.com/group/jsr-305/msg/e6d62dc6cd7fe361. This is noted in the spec file. I have included subversion checkout instructions, and have versioned the tarball. I have made the package own what it puts into /etc/maven/fragments and /usr/share/maven2/poms instead of owning the directories. As far as I know, the question about versioned symlinks for javadocs is still unresolved, so I left that bit alone. I have conditionalized the GCJ bits. Some source files do not appear in the debuginfo package because they contain no code. Those files contain only annotation definitions. This is why I dropped the GCJ bits from the jcip-annotations package altogether, because GCJ produces nothing useful from annotation definition only files. There are some files with code in this package, though, so I left the GCJ bits in; those files show up in the debuginfo package. New versions of the spec file and SRPM are here: http://jjames.fedorapeople.org/jsr-305/jsr-305.spec http://jjames.fedorapeople.org/jsr-305/jsr-305-0-0.1.20080613svn.src.rpm
Thanks for the info, and the description of the debuginfo package. The ownership (and perhaps location) of the maven directories is under discussion currently and its possible that ownership of those directories will move into jpackage-utils by the end of the week. I'm going to go ahead and take this for review, but I'm going to wait until that situation becomes clear before I approve anything.
I understand. I'm in no hurry. I have to wait for the next findbugs release anyway, which will include some patches I pushed upstream that fix a handful of build/deployment problems on Fedora. Thanks again.
OK, please let me know when you'd like for me to take another look. The java folks have indicated that the directory ownership bits will be fixed soon so I'm prepared to move forward with this whenever you're ready.
I'd like to proceed with this package once the maven directory issue is finalized. That way it can be in place when the next findbugs release occurs.
Has the maven directory issue been resolved? If so, I'd like to move forward with this review. A new findbugs release is supposed to be out within the next couple of weeks, and I'd like to have this package in place by then. Upstream (which is also upstream for findbugs) has been active recently with some changes needed for the new findbugs version. New versions of the spec file and SRPM are here: http://jjames.fedorapeople.org/jsr-305/jsr-305.spec http://jjames.fedorapeople.org/jsr-305/jsr-305-0-0.1.20080721svn.src.rpm
I believe that the maven stuff is done, but I am out of the country for another few days so I won't be able to look at this until, most likely, next weekend.
OK, I'm back from vacation and have my build infrastructure running again. Things still build. The checkout instructions work fine. The directory ownership issues are resolved on all sides. debuginfo issues are explained. gcj bits are conditionalized properly. Everything looks good to me; APPROVED
New Package CVS Request ======================= Package Name: jsr-305 Short Description: Java annotations for software defect detection Owners: jjames Branches: F-9 InitialCC: Cvsextras Commits: yes
cvs done.
I still haven't figured out what to do about the missing PPC64 maven2 on Fedora 9, but this package now exists in Rawhide, so I'm closing this bug. Thanks, Jason!
Package Change Request ====================== Package Name: jsr-305 New Branches: el6 epel7 Owners: richardfearn
Git done (by process-git-requests).