This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 486672 - Review Request: python-hashlib - Secure hash and message digest algorithm library
Review Request: python-hashlib - Secure hash and message digest algorithm lib...
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: manuel wolfshant
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2009-02-20 17:29 EST by Dennis Gilmore
Modified: 2009-04-15 03:00 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-04-15 03:00:41 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
wolfy: fedora‑review+
dennis: fedora‑cvs+

Attachments (Terms of Use)

  None (edit)
Description Dennis Gilmore 2009-02-20 17:29:29 EST
Spec URL:
This is a stand alone packaging of the hashlib library introduced in
Python 2.5 so that it can be used on older versions of Python.

This is for EL-5 only,  its needed to make sure mergerepos work in koji with repos using sha256 data
Comment 1 manuel wolfshant 2009-02-20 17:35:48 EST
expect full review in a couple of minutes. I've used the same package in F7 so I expect no surprises
Comment 2 manuel wolfshant 2009-02-20 18:04:16 EST
Package Review

 - = N/A
 x = Check
 ! = Problem
 ? = Not evaluated

 [x] Package is named according to the Package Naming Guidelines.
 [x] Spec file name must match the base package %{name}, in the format %{name}.spec.
 [x] Package meets the Packaging Guidelines.
 [x] Package successfully compiles and builds into binary rpms on at least one supported architecture.
     Tested on: Centos5/x86_64, Fedora 7/x86_64
 [!] Rpmlint output:
source RPM: W: invalid-license PSF license
binary RPM: W: invalid-license PSF license
==> See note 1
 [x] Package is not relocatable.
 [x] Buildroot is correct (%{_tmppath}/%{name}-%{version}-%{release}-buildroot) (not exactly one of the recommended values but not too far either :) )
 [x] Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines.
 [!] License field in the package spec file matches the actual license.
     License type: Python License
==> See also note 1
 [x] If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %doc.
 [x] Spec file is legible and written in American English.
 [x] Sources used to build the package match the upstream source, as provided in the spec URL.
     SHA1SUM of package: 9131c25457639b8e0e1612ef30991adb73abf2b1  hashlib-20081119.tar.gz
 [x] Package is not known to require ExcludeArch:
 [x] All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines.
 [-] The spec file handles locales properly.
 [-] ldconfig called in %post and %postun if required.
 [x] Package must own all directories that it creates.
 [x] Package requires other packages for directories it uses.
 [!] Package does not contain duplicates in %files.
==> see note 2
 [x] Permissions on files are set properly.
 [x] Package has a %clean section, which contains rm -rf %{buildroot} (or $RPM_BUILD_ROOT).
 [x] Package consistently uses macros.
 [x] Package contains code, or permissable content.
 [-] Large documentation files are in a -doc subpackage, if required.
 [x] Package uses nothing in %doc for runtime.
 [-] Header files in -devel subpackage, if present.
 [-] Static libraries in -devel subpackage, if present.
 [-] Package requires pkgconfig, if .pc files are present.
 [-] Development .so files in -devel subpackage, if present.
 [-] Fully versioned dependency in subpackages, if present.
 [x] Package does not contain any libtool archives (.la).
 [-] Package contains a properly installed %{name}.desktop file if it is a GUI application.
 [x] Package does not own files or directories owned by other packages.
 [x] Final provides and requires are sane.

 [x] Latest version is packaged.
 [x] Package does not include license text files separate from upstream.
 [ ] Description and summary sections in the package spec file contains translations for supported Non-English languages, if available.
 [x] Reviewer should test that the package builds in mock.
     Tested on: centos5/x86_64
 [?] Package should compile and build into binary rpms on all supported architectures.
     Tested on:
 [x] Package functions as described.
 [-] Scriptlets must be sane, if used.
 [-] The placement of pkgconfig(.pc) files is correct.
 [-] File based requires are sane.
 [!] %check is present and the test passes.
=> bundled tests are not run

Couple of small issues:
1. The license tag is not correct:
  [wolfy@wolfy result]$ rpmlint *rpm
  python-hashlib.src: W: invalid-license PSF license
  python-hashlib.x86_64: W: invalid-license PSF license
  python-hashlib-debuginfo.x86_64: W: invalid-license PSF license
  3 packages and 0 specfiles checked; 0 errors, 3 warnings.
I am afraid this license is not in the list from . If I am not mistaken the approved tag is "Python" or "Python license"

2. warning: source file `README.txt' specified more than once

- please be as kind as to change the license tag to the accepted value
- as there is exactly one .txt file, please drop either README.txt or *.txt from %doc

I'll trust you to fix those aspects before commit. APPROVED and thanks (Dennis & Seth) for supporting EPEL.
Comment 3 Dennis Gilmore 2009-02-20 18:23:18 EST
Package Name: python-hashlib
Short Description: Secure hash and message digest algorithm library
Owners: ausil skvidal
Branches: EL-5

CVS Done, 

Thanks for the quick review
Comment 4 manuel wolfshant 2009-02-20 18:33:12 EST
Just wondering: what's the 
 Prefix: %{_prefix}
needed for ?
Comment 5 Dennis Gilmore 2009-04-15 03:00:14 EDT
Closing as its pushed now.

Prefix ill remove next update

Note You need to log in before you can comment on or make changes to this bug.