Bug 452354 - Review Request: entertrack - Web-based artifact tracking/management system written in PHP
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
Assignee: Richard W.M. Jones
QA Contact: Fedora Extras Quality Assurance
Reported: 2008-06-21 09:31 UTC by Dan Horák
Modified: 2008-12-18 17:59 UTC

Last Closed: 2008-12-18 17:59:55 UTC
rjones: fedora-review+
kevin: fedora-cvs+


Description Dan Horák 2008-06-21 09:31:18 UTC
Spec URL: http://fedora.danny.cz/et/entertrack.spec
SRPM URL: http://fedora.danny.cz/et/entertrack-1.2.2-1.fc10.src.rpm
Description:
EnterTrack is an open source web-based artifact tracking/management system
written in PHP. EnterTrack is derived from Issue-Tracker v4.0.1
(www.issue-tracker.com) and adds a number of features particularly useful
to larger groups. EnterTrack provides large organizations with start-to-finish
tracking of artifacts (artifacts can be problems, bugs, requests, projects,
etc.), group collaboration for artifact management, and status reports
for high-level performance metrics.

Rpmlint warns about non-standard uid/gid for files and directories that need to be writable by apache, and errors on the zero-length index.html whose purpose is to block access to the dir (some content is added in the current upstream code).

Comment 1 Dan Horák 2008-06-28 06:12:03 UTC
Updated spec URL: http://fedora.danny.cz/et/entertrack.spec
Updated SRPM URL: http://fedora.danny.cz/et/entertrack-1.2.3-1.fc10.src.rpm

ChangeLog:
- update to new upstream version 1.2.3


Comment 2 Dan Horák 2008-07-04 08:05:39 UTC
Updated spec URL: http://fedora.danny.cz/et/entertrack.spec
Updated SRPM URL: http://fedora.danny.cz/et/entertrack-1.2.4-1.fc10.src.rpm

ChangeLog:
- update to new upstream version 1.2.4


Comment 3 Dan Horák 2008-07-11 09:17:31 UTC
Updated spec URL: http://fedora.danny.cz/et/entertrack.spec
Updated SRPM URL: http://fedora.danny.cz/et/entertrack-1.2.5-1.fc10.src.rpm

ChangeLog:
- update to new upstream version 1.2.5


Comment 4 Dan Horák 2008-08-08 10:58:45 UTC
Updated spec URL: http://fedora.danny.cz/et/entertrack.spec
Updated SRPM URL: http://fedora.danny.cz/et/entertrack-1.2.6-1.fc10.src.rpm

ChangeLog:
- update to new upstream version 1.2.6

Comment 5 Richard W.M. Jones 2008-09-02 13:57:45 UTC
+ rpmlint output

  Lots and lots of:

  entertrack.noarch: W: non-standard-uid /var/lib/entertrack/cache apache
  entertrack.noarch: W: non-standard-gid /var/lib/entertrack/cache apache
  entertrack.noarch: W: non-standard-uid /var/lib/entertrack/sessions apache
  entertrack.noarch: W: non-standard-gid /var/lib/entertrack/sessions apache

  As far as I'm aware these warnings are harmless.

+ package name satisfies the packaging naming guidelines

  Because this isn't a PHP add-on, it doesn't need to obey the PHP naming
  guidelines.

+ specfile name matches the package base name
+ package should satisfy packaging guidelines
? license meets guidelines and is acceptable to Fedora

  I'm dubious about this package.  It includes a wholesale copy
  of JpGraph (http://www.aditus.nu/jpgraph/jpdownload.php).

  The files say simply "All Rights Reserved" but the website says
  "JpGraph is released under a dual license. QPL 1.0 (Qt Free
  Licensee) For non-commercial, open-source or educational
  use and JpGraph Professional License for commercial use."

  This is "open source" (very loosely defined), but not
  "non-commercial".  Is this the free or the professional
  version?

  At the very minimum I think we need to run this one past
  Tom 'spot' Callaway, and I'd be happier if you could check
  that the copy included is not the professional version.

  The email/ directory is another copied package, license
  GPL (version unspecified).

  The includes/ directory is LGPLv2+.

- license matches the actual package license
+ %doc includes license file

  %doc includes one of the license files anyway.

+ spec file written in American English
+ spec file is legible
+ upstream sources match sources in the srpm
  87e141f72ce3994cf499e31d3e6a0274 916402
+ package successfully builds on at least one architecture
  i386
n/a ExcludeArch bugs filed
+ BuildRequires list all build dependencies
? %find_lang instead of %{_datadir}/locale/*

  Probably could have installed the po files using %find_lang
  instead of deleting them. Was there a problem with them?

n/a binary RPM with shared library files must call ldconfig in %post and %postun
+ does not use Prefix: /usr
+ package owns all directories it creates
+ no duplicate files in %files
+ %defattr line
+ %clean contains rm -rf $RPM_BUILD_ROOT
+ consistent use of macros
? package must contain code or permissible content
n/a large documentation files should go in -doc subpackage
+ files marked %doc should not affect package
n/a header files should be in -devel
n/a static libraries should be in -static
n/a packages containing pkgconfig (.pc) files need 'Requires: pkgconfig'
n/a libfoo.so must go in -devel
n/a -devel must require the fully versioned base
n/a packages should not contain libtool .la files
n/a packages containing GUI apps must include %{name}.desktop file
+ packages must not own files or directories owned by other packages
+ %install must start with rm -rf %{buildroot} etc.
+ filenames must be valid UTF-8

Optional:

? if there is no license file, packager should query upstream
n/a translations of description and summary for non-English languages, if available
- reviewer should build the package in mock
- the package should build into binary RPMs on all supported architectures
- review should test the package functions as described
n/a scriptlets should be sane
n/a pkgconfig files should go in -devel
+ shouldn't have file dependencies outside /etc /bin /sbin /usr/bin or /usr/sbin

Comment 6 Dan Horák 2008-09-02 15:08:33 UTC
Hm, it looks like JpGraph is a bit problematic - http://fedoraproject.org/wiki/FWN/Issue82#JPGraph_License_Query_Shows_How_To_Remove_A_Package. I will remove it from the released source package completely; the cost will be non-working graph creation, but that is already mentioned in conf/paths.conf. I will talk about that issue with EnterTrack's upstream.

Comment 7 Dan Horák 2008-09-12 12:31:50 UTC
The inclusion of the JpGraph library was posted upstream, see http://sourceforge.net/forum/forum.php?thread_id=2202649&forum_id=430769 for details.

Updated spec URL: http://fedora.danny.cz/et/entertrack.spec
Updated SRPM URL: http://fedora.danny.cz/et/entertrack-1.2.6-2.fc10.src.rpm

ChangeLog:
- remove JpGraph library from the source archive until done by upstream
- fix License tag

Comment 8 Richard W.M. Jones 2008-12-16 13:01:13 UTC
That corrects all the problems found in the original review, so:

APPROVED.

Comment 9 Dan Horák 2008-12-16 13:26:05 UTC
New Package CVS Request
=======================
Package Name: entertrack
Short Description: Artifact tracking/management system
Owners: sharkcz
Branches: F-9 F-10 EL-5

Comment 10 Kevin Fenzi 2008-12-17 22:07:32 UTC
cvs done.

Comment 11 Dan Horák 2008-12-18 17:59:55 UTC
Imported and built.

Thanks for the review.
