Spec URL: http://mmaslano.fedorapeople.org/review/perl-YAML-LibYAML.spec
SRPM URL: http://mmaslano.fedorapeople.org/review/perl-YAML-LibYAML-0.32-1.fc11.src.rpm
Kirill Siminov's "libyaml" is arguably the best YAML
implementation. The C library is written precisely to the YAML 1.1
specification. It was originally bound to Python and was later
bound to Ruby.
+ package builds in mock (rawhide i586).
koji Build => http://koji.fedoraproject.org/koji/taskinfo?taskID=1328734
+ rpmlint is silent for SRPM and for RPM.
+ source files match upstream url
You are fast, thank you.
+ make test gave
All tests successful.
Files=25, Tests=254, 4 wallclock secs ( 0.08 usr 0.03 sys + 3.47 cusr 0.39 csys = 3.97 CPU)
+ Package perl-YAML-LibYAML-0.32-2.fc12.i586 =>
Provides: LibYAML.so perl(YAML::LibYAML) = 0.18 perl(YAML::XS) = 0.32 perl(YAML::XS::LibYAML)
Requires: libc.so.6 libc.so.6(GLIBC_2.0) libc.so.6(GLIBC_2.1.3) libc.so.6(GLIBC_2.3.4) perl >= 0:5.008003 perl(B::Deparse) perl(XSLoader) perl(YAML::XS::LibYAML) perl(base) perl(constant) perl(strict) perl(warnings) rtld(GNU_HASH)
New Package CVS Request
Package Name: perl-YAML-LibYAML
Short Description: YAML Serialization using XS and libyaml
Package Change Request
Package Name: perl-YAML-LibYAML
New Branches: EL-6
13:42 <marca_> do you need my help or can you take them in EPEL?
13:42 <tremble> I'm quite happy to take them in EPEL, just need your approval as the Fedora owner
13:43 <marca_> ok, so I only write into bz comment
13:43 <tremble> Ok
13:44 <tremble> Would you prefer to be in there as a co-owner or would you rather just leave the EL branches to me?
13:45 * tremble thanks you.
13:45 <marca_> no, I don't have time for EL. Take it
CVS done (by process-cvs-requests.py).
Perl YAML-LibYAML bundles libyaml.
> Kirill Siminov's C<libyaml> is arguably the best YAML implementation.
> The C library is written precisely to the YAML 1.1 specification. It was
> originally bound to Python and was later bound to Ruby.
> This module is a Perl XS binding to libyaml which offers Perl the best
> YAML support to date.
However this is not just a binding. This a pure bundling because LibYAML directory copies yaml sources:
$ find -name '*.c' -o -name '*.h'
How is possible this review has passed?
Just wonder then how this can be detected in Automated Review Server???
looks like above is related to recently filed security bugs.
(In reply to Parag AN(पराग) from comment #10)
> Just wonder then how this can be detected in Automated Review Server???
If bundled code does not mangle function names, one can check symbols from debuginfo against exported symbols from system libraries.
Or one can check compilation source file names or compilation unit names between debuginfo packages. I've already receieved a bug report based on this heuristic.
However this is the reason why the Automated Review Server, whatever it is, will never supersede human reviewer and thus I believe Fedora will always require human reviews.
> looks like above is related to recently filed security bugs.
I just checked the package and found its bundling the source of libyaml which should have been checked at the time of initial package review but looks like got overlooked.
Should this need FESCo ticket for exception? if not then this package need to be dropped.
We will try to unbundle it.