Bug 477533 - Review Request: rubygem-mechanize - A handy web browsing ruby object
Review Request: rubygem-mechanize - A handy web browsing ruby object
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Orcan Ogetbil
Fedora Extras Quality Assurance
:
Depends On: 477883
Blocks:
  Show dependency treegraph
 
Reported: 2008-12-21 12:16 EST by Mamoru TASAKA
Modified: 2009-01-24 11:27 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-01-24 11:27:30 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
oget.fedora: fedora‑review+
kevin: fedora‑cvs+


Attachments (Terms of Use)

  None (edit)
Description Mamoru TASAKA 2008-12-21 12:16:25 EST
Spec URL: http://mtasaka.fedorapeople.org/Review_request/rubygem-mechanize/rubygem-mechanize.spec
SRPM URL: http://mtasaka.fedorapeople.org/Review_request/rubygem-mechanize/rubygem-mechanize-0.8.5-2.fc.src.rpm
Koji scratch build:
For dist-f11: http://koji.fedoraproject.org/koji/taskinfo?taskID=1014077
For dist-f10: http://koji.fedoraproject.org/koji/taskinfo?taskID=1014079

Description: 
The Mechanize library is used for automating interaction with websites. 
Mechanize automatically stores and sends cookies, follows redirects, 
can follow links, and submit forms. Form fields can be populated and 
submitted. Mechanize also keeps track of the sites that you have 
visited as a history.
Comment 2 Mamoru TASAKA 2008-12-24 13:42:31 EST
koji scratch build:
- For dist-f11: http://koji.fedoraproject.org/koji/taskinfo?taskID=1020855
- For dist-f10: http://koji.fedoraproject.org/koji/taskinfo?taskID=1020856
Comment 3 Orcan Ogetbil 2009-01-18 17:30:57 EST
Hi Mamoru,
I reviewed this package. There are a few minor things to go through:

* rpmlint gives bunch of dangling-symlink warnings. But these are resolved by the dependencies by the packages, so it is OK.
The other rpmlint complaints are:
   rubygem-mechanize.noarch: E: zero-length /usr/lib/ruby/gems/1.8/gems/mechanize-0.9.0/lib/www/mechanize/chain/post_connect_hook.rb
      Is this needed?
   rubygem-mechanize-doc.noarch: W: no-documentation
      I see that both rubygem-gettext-doc and rubygem-zoom-doc install their documentation (examples,test) inside %doc
      What is the reason that this package is different?
   rubygem-mechanize-doc.noarch: E: script-without-shebang /usr/lib/ruby/gems/1.8/gems/mechanize-0.9.0/test/htdocs/google.html
      This is possibly a wrong permission error. It can easily be fixed.
   ruby-mechanize.noarch: W: no-documentation
      This one can be ignored.

* I don't think we need to package Manifest.txt. Do we usually package manifest files on ruby packages?

* The license file and the website license page say GPLv2+. The source code files do not indicate a license. I think setting the license as GPLc2+ will be more appropriate.

* Latest version must be packaged. I can't find any information to confirm this. Where is download section on the website?

* Ruby guidelines say: "A ruby extension/library package must indicate what it provides with a Provides: ruby(LIBRARY) = VERSION declaration in the spec file"
   So I think 
      Provides:       ruby(%{gemname}) = %{version}-%{release}
      Provides:       rubygem(%{gemname}) = %{version}-%{release}
   must be changed to 
      Provides:       ruby(%{gemname}) = %{version}
      Provides:       rubygem(%{gemname}) = %{version}

* Do we need this line:?
   #Requires:      rubygem(hoe)
Comment 4 Mamoru TASAKA 2009-01-19 12:04:22 EST
Thank you for initial comments.

(In reply to comment #3)
>    rubygem-mechanize.noarch: E: zero-length
> /usr/lib/ruby/gems/1.8/gems/mechanize-0.9.0/lib/www/mechanize/chain/post_connect_hook.rb
- From quick glance it does not seem to be needed, however for now
  I will leave this file as it is.

>       I see that both rubygem-gettext-doc and rubygem-zoom-doc install their
> documentation (examples,test) inside %doc
>       What is the reason that this package is different?
- The way on this package is usual. For the other two packages (especially
  for rubygem-gettext) I wanted to strip gem file itself so I removed
  some document files from gem itself and installed the removed files
  by %doc method.

>    rubygem-mechanize-doc.noarch: E: script-without-shebang
> /usr/lib/ruby/gems/1.8/gems/mechanize-0.9.0/test/htdocs/google.html
- Fixed.
 
> * I don't think we need to package Manifest.txt. 
- Removed.

> * The license file and the website license page say GPLv2+. The source code
> files do not indicate a license. I think setting the license as GPLc2+ will be
> more appropriate.
- Well, what URL shows that this is under GPLv2"+"?
  (note that I saw that rubyforge.org website says that this is
   under GPLv2, however I guess this license tag is automatically tagged
   from license text. Moreover I saw that in many cases the license
   tag on website is wrong....)

> * Latest version must be packaged. I can't find any information to confirm
> this. Where is download section on the website?
- See: http://gems.rubyforge.org/gems/

> * Ruby guidelines say: "A ruby extension/library package must indicate what it
> provides with a Provides: ruby(LIBRARY) = VERSION declaration in the spec file"
>    So I think 
>       Provides:       ruby(%{gemname}) = %{version}-%{release}
>       Provides:       rubygem(%{gemname}) = %{version}-%{release}
>    must be changed to 
>       Provides:       ruby(%{gemname}) = %{version}
>       Provides:       rubygem(%{gemname}) = %{version}

- Provides: rubygem(%{gemname}) = %{version}-%{release} also
  provides rubygem(%{gemname}) = %{version} and I want to write
  this more strictly for some reason.

> * Do we need this line:?
>    #Requires:      rubygem(hoe)
- This dependency is implied by gemspec file, however currently I don't
  see this is needed. So for now I want to keep this comment.

http://mtasaka.fedorapeople.org/Review_request/rubygem-mechanize/rubygem-mechanize-0.9.0-2.fc.src.rpm
http://mtasaka.fedorapeople.org/Review_request/rubygem-mechanize/rubygem-mechanize.spec
* Tue Jan 20 2009 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 0.9.0-2
- Some cleanup

For dist-f11:
http://koji.fedoraproject.org/koji/taskinfo?taskID=1066652
For dist-f10:
http://koji.fedoraproject.org/koji/taskinfo?taskID=1066658
Comment 5 Orcan Ogetbil 2009-01-19 17:43:34 EST
(In reply to comment #4)
> Thank you for initial comments.
> 
You're welcome.

> (In reply to comment #3)
> > * The license file and the website license page say GPLv2+. The source code
> > files do not indicate a license. I think setting the license as GPLc2+ will be
> > more appropriate.
> - Well, what URL shows that this is under GPLv2"+"?
>   (note that I saw that rubyforge.org website says that this is
>    under GPLv2, however I guess this license tag is automatically tagged
>    from license text. Moreover I saw that in many cases the license
>    tag on website is wrong....)
> 

On the bottom of the homepage for this gem:
http://mechanize.rubyforge.org/mechanize/
there is a LICENSE section. When I click on the LICENSE, it gives me the full text of GPLv2 (which has the "or later" clause).

Don't you think we should believe the website?


> > * Latest version must be packaged. I can't find any information to confirm
> > this. Where is download section on the website?
> - See: http://gems.rubyforge.org/gems/
> 

Yeah I tried to go there before and got a 403 mirror. I guess I hit to a bad mirror. Now I confirm that 0.9.0 is the latest version.

Everything else is fine.

----------------------------------------------------
This package (rubygem-mechanize) is APPROVED by oget
----------------------------------------------------
Comment 6 Mamoru TASAKA 2009-01-20 00:26:33 EST
Thank you.

(In reply to comment #5)
> > (In reply to comment #3)
> > > * The license file and the website license page say GPLv2+. The source code
> > > files do not indicate a license. I think setting the license as GPLc2+ will be
> > > more appropriate.
> > - Well, what URL shows that this is under GPLv2"+"?
> >   (note that I saw that rubyforge.org website says that this is
> >    under GPLv2, however I guess this license tag is automatically tagged
> >    from license text. Moreover I saw that in many cases the license
> >    tag on website is wrong....)
> > 
> 
> On the bottom of the homepage for this gem:
> http://mechanize.rubyforge.org/mechanize/
> there is a LICENSE section. When I click on the LICENSE, it gives me the full
> text of GPLv2 (which has the "or later" clause).
> 
> Don't you think we should believe the website?

- LICENSE section says this is just under GPL and the following link
  shows just GPLv2 license text ("any later" clause is just a example
  also written in "other" GPLv2 license text). So this does not
  render this package to be under GPLv2.

New Package CVS Request
=======================
Package Name:         rubygem-mechanize
Short Description:    A handy web browsing ruby object
Owners:               mtasaka
Branches:             F-10 F-9
InitialCC:            (nobody)
Comment 7 Kevin Fenzi 2009-01-20 16:15:17 EST
If all you have to go on is the LICENSE.txt file, the spec file should have 'GPL+' because it could be under any version of the GPL. 

https://fedoraproject.org/wiki/Licensing/FAQ#How_do_I_figure_out_what_version_of_the_GPL.2FLGPL_my_package_is_under.3F
Comment 8 Mamoru TASAKA 2009-01-20 21:50:25 EST
(In reply to comment #7)
> If all you have to go on is the LICENSE.txt file, the spec file should have
> 'GPL+' because it could be under any version of the GPL. 
> 
> https://fedoraproject.org/wiki/Licensing/FAQ#How_do_I_figure_out_what_version_of_the_GPL.2FLGPL_my_package_is_under.3F

It is already.
Comment 9 Orcan Ogetbil 2009-01-20 22:10:20 EST
(In reply to comment #7)
> If all you have to go on is the LICENSE.txt file, the spec file should have
> 'GPL+' because it could be under any version of the GPL. 
> 
> https://fedoraproject.org/wiki/Licensing/FAQ#How_do_I_figure_out_what_version_of_the_GPL.2FLGPL_my_package_is_under.3F

I thought so but I heard mixed opinions about this. See, e.g. comments 22, 23 and 24 in bug #444366 . deco does not have any GPL version info in source files but I was told to set the license tag as GPLv3 instead of GPL+.

Different people suggest different things...
Comment 10 Orcan Ogetbil 2009-01-20 22:13:06 EST
Sorry, nevermind my last message. It was a different situation. 
I think I'm just confusing myself :)
Comment 11 Kevin Fenzi 2009-01-20 23:48:33 EST
Sorry, I must have looked at a eariler spec, the one from comment #4 does indeed have GPL+. 

Sorry for my confusion.
Comment 12 Kevin Fenzi 2009-01-23 18:26:54 EST
cvs done.
Comment 13 Mamoru TASAKA 2009-01-24 11:27:30 EST
Rebuilt on all branches, submit push requests on bodhi for F-10/9, closing.

Thank you for the review and CVS procedure.

Note You need to log in before you can comment on or make changes to this bug.