Bug 452454 - Review Request: perl-Crypt-Rijndael - Crypt::CBC compliant Rijndael encryption module
Review Request: perl-Crypt-Rijndael - Crypt::CBC compliant Rijndael encryptio...
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jason Tibbitts
Fedora Extras Quality Assurance
:
Depends On:
Blocks: F-Spacewalk
  Show dependency treegraph
 
Reported: 2008-06-22 23:05 EDT by Nigel Jones
Modified: 2008-07-15 08:16 EDT (History)
3 users (show)

See Also:
Fixed In Version: 1.06-2.fc9
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-07-15 08:13:04 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
tibbs: fedora‑review+
kevin: fedora‑cvs+


Attachments (Terms of Use)

  None (edit)
Description Nigel Jones 2008-06-22 23:05:13 EDT
Spec URL: http://dev.nigelj.com/SRPMS/perl-Crypt-Rijndael.spec
SRPM URL: http://dev.nigelj.com/SRPMS/perl-Crypt-Rijndael-1.06-1.fc9.src.rpm
Description: 
This module implements the Rijndael cipher, which has just been selected as
the Advanced Encryption Standard.
Comment 2 Jason Tibbitts 2008-06-24 20:26:06 EDT
Wow, I could swear that I typed in a bunch of information but somehow it was
lost.  Crap.  Let me see if I can remember what I wrote.

This package seems quite confused about its license.

Makefile.PL says "gpl".
META.yml says "gpl".
COPYING includes a copy of the LGPL (v2).
README says "GNU Public License".  Note that there's no such thing.
Rijndael.pm also says "GNU Public License", but then refers to the COPYING file.
_rijndael.c says LGPLv2+.
rijndael.h also says LGPLv2+.

And the spec has LGPLv2 only.

I'm pretty sure that things are really LGPLv2+ and the authors are just a bit
confused about what to call it, but it would be a good idea to check with them
and perhaps get them to clarify.

Anyway, that's the only issue I see here.  I'll go ahead and approve this with
the license tag changed to LGPLv2+ and in the unlikely event that's not what the
authors intended you can fix it up at that time.

* source files match upstream:
  f319f8ba16884759e8d2353d7dfcd8cabcc2a0bd39a8f4613b8fe43beef1623f  
   Crypt-Rijndael-1.06.tar.gz
* package meets naming and versioning guidelines.
* specfile is properly named, is cleanly written and uses macros consistently.
* summary is OK.
* description is OK.
* dist tag is present.
* build root is OK.
X license field doesn't seem to match the actual license.
* license is open source-compatible.
* license text included in package.
* latest version is being packaged.
* BuildRequires are proper.
* compiler flags are appropriate.
* %clean is present.
* package builds in mock (rawhide, x86_64).
* package installs properly.
* debuginfo package looks complete.
* rpmlint is silent.
* final provides and requires are sane:
   Rijndael.so()(64bit)
   perl(Crypt::Rijndael) = 1.06
   perl-Crypt-Rijndael = 1.06-2.fc10
  =
   perl(:MODULE_COMPAT_5.10.0)
   perl(DynaLoader)
   perl(Test::Manifest) >= 1.14
   perl(Test::More)
   perl(strict)
   perl(vars)
   perl(warnings)

* %check is present and all tests pass:
   All tests successful.
   Files=11, Tests=121,  0 wallclock secs ( 0.34 cusr +  0.06 csys =  0.40 CPU)
* no shared libraries are added to the regular linker search paths.
* owns the directories it creates.
* doesn't own any directories it shouldn't.
* no duplicates in %files.
* file permissions are appropriate.
* no scriptlets present.
* code, not content.
* documentation is small, so no -doc subpackage is necessary.
* %docs are not necessary for the proper functioning of the package.
* no headers.
* no pkgconfig files.
* no static libraries.
* no libtool .la files.

APPROVED
Comment 3 Nigel Jones 2008-06-24 22:38:30 EDT
(In reply to comment #2)
> Wow, I could swear that I typed in a bunch of information but somehow it was
> lost.  Crap.  Let me see if I can remember what I wrote.
> 
> This package seems quite confused about its license.
> 
> Makefile.PL says "gpl".
> META.yml says "gpl".
> COPYING includes a copy of the LGPL (v2).
> README says "GNU Public License".  Note that there's no such thing.
> Rijndael.pm also says "GNU Public License", but then refers to the COPYING file.
> _rijndael.c says LGPLv2+.
> rijndael.h also says LGPLv2+.
> 
> And the spec has LGPLv2 only.
> 
> I'm pretty sure that things are really LGPLv2+ and the authors are just a bit
> confused about what to call it, but it would be a good idea to check with them
> and perhaps get them to clarify.
Nice spotting, I'll fix this now.
> APPROVED
Thank you

New Package CVS Request
=======================
Package Name: perl-Crypt-Rijndael
Short Description: Crypt::CBC compliant Rijndael encryption module
Owners: nigelj
Branches: F-8 F-9 EL-4 EL-5
InitialCC: perl-sig
Cvsextras Commits: yes
Comment 4 Kevin Fenzi 2008-06-24 22:49:17 EDT
cvs done.
Comment 5 Michael Stahnke 2008-07-09 17:31:38 EDT
Nigel, can you submit these builds and updates to koji/plague/bodhi?  That way
the spacewalk team can try building against this and hopefully remove this rpm
source from their git tree. 
Comment 6 Fedora Update System 2008-07-11 10:03:18 EDT
perl-Crypt-Rijndael-1.06-2.fc8 has been submitted as an update for Fedora 8
Comment 7 Fedora Update System 2008-07-11 10:03:37 EDT
perl-Crypt-Rijndael-1.06-2.fc9 has been submitted as an update for Fedora 9
Comment 8 Fedora Update System 2008-07-15 08:13:02 EDT
perl-Crypt-Rijndael-1.06-2.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2008-07-15 08:16:35 EDT
perl-Crypt-Rijndael-1.06-2.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.