Spec URL: http://mmaslano.fedorapeople.org/review/perl-YAML-LibYAML.spec
SRPM URL: http://mmaslano.fedorapeople.org/review/perl-YAML-LibYAML-0.32-1.fc11.src.rpm
Description:
Kirill Siminov's "libyaml" is arguably the best YAML implementation. The C library is written precisely to the YAML 1.1 specification. It was originally bound to Python and was later bound to Ruby.
Review:
+ package builds in mock (rawhide i586).
  koji Build => http://koji.fedoraproject.org/koji/taskinfo?taskID=1328734
+ rpmlint is silent for SRPM and for RPM.
+ source files match upstream url
  7a8b9258a311e52d0938744ad2ddfc4d  YAML-LibYAML-0.32.tar.gz

Build failed. Add BR:perl-Test-More
You are fast, thank you. http://koji.fedoraproject.org/koji/taskinfo?taskID=1328927
http://mmaslano.fedorapeople.org/review/perl-YAML-LibYAML.spec
http://mmaslano.fedorapeople.org/review/perl-YAML-LibYAML-0.32-2.fc11.src.rpm
+ make test gave
  All tests successful.
  Files=25, Tests=254, 4 wallclock secs ( 0.08 usr 0.03 sys + 3.47 cusr 0.39 csys = 3.97 CPU)
+ Package perl-YAML-LibYAML-0.32-2.fc12.i586 =>
  Provides: LibYAML.so perl(YAML::LibYAML) = 0.18 perl(YAML::XS) = 0.32 perl(YAML::XS::LibYAML)
  Requires: libc.so.6 libc.so.6(GLIBC_2.0) libc.so.6(GLIBC_2.1.3) libc.so.6(GLIBC_2.3.4) perl >= 0:5.008003 perl(B::Deparse) perl(XSLoader) perl(YAML::XS::LibYAML) perl(base) perl(constant) perl(strict) perl(warnings) rtld(GNU_HASH)

APPROVED.
New Package CVS Request
=======================
Package Name: perl-YAML-LibYAML
Short Description: YAML Serialization using XS and libyaml
Owners: mmaslano
Branches: F-11
InitialCC: perl-sig
CVS Done
Package Change Request
======================
Package Name: perl-YAML-LibYAML
New Branches: EL-6
Owners: tremble

https://bugzilla.redhat.com/show_bug.cgi?id=609807
+ IRC :
13:42 <marca_> do you need my help or can you take them in EPEL?
13:42 <tremble> I'm quite happy to take them in EPEL, just need your approval as the Fedora owner
13:43 <marca_> ok, so I only write into bz comment
13:43 <tremble> Ok
13:44 <tremble> Would you prefer to be in there as a co-owner or would you rather just leave the EL branches to me?
13:45 * tremble thanks you.
13:45 <marca_> no, I don't have time for EL. Take it
CVS done (by process-cvs-requests.py).
Perl YAML-LibYAML bundles libyaml.

lib/YAML/XS.pm:
> Kirill Siminov's C<libyaml> is arguably the best YAML implementation.
> The C library is written precisely to the YAML 1.1 specification. It was
> originally bound to Python and was later bound to Ruby.
>
> This module is a Perl XS binding to libyaml which offers Perl the best
> YAML support to date.

However this is not just a binding. This is pure bundling because the LibYAML directory copies yaml sources:

$ find -name '*.c' -o -name '*.h'
./LibYAML/yaml_private.h
./LibYAML/yaml.h
./LibYAML/parser.c
./LibYAML/writer.c
./LibYAML/scanner.c
./LibYAML/perl_libyaml.h
./LibYAML/dumper.c
./LibYAML/loader.c
./LibYAML/api.c
./LibYAML/perl_libyaml.c
./LibYAML/emitter.c
./LibYAML/config.h
./LibYAML/ppport_sort.h
./LibYAML/ppport.h
./LibYAML/reader.c

How is it possible this review has passed?
Just wonder then how this can be detected in Automated Review Server???

Looks like the above is related to recently filed security bugs.
(In reply to Parag AN(पराग) from comment #10)
> Just wonder then how this can be detected in Automated Review Server???
>

If bundled code does not mangle function names, one can check symbols from debuginfo against exported symbols from system libraries. Or one can check compilation source file names or compilation unit names between debuginfo packages. I've already received a bug report based on this heuristic.

However this is the reason why the Automated Review Server, whatever it is, will never supersede a human reviewer and thus I believe Fedora will always require human reviews.

> looks like above is related to recently filed security bugs.

Yes.
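Added example, not part of the thread and not Fedora's review tooling: a sketch of the first heuristic from the comment above (symbols a module defines itself versus symbols that system libraries export), run over constructed nm-style listings. The sample listings, the function names and the `min_hits` threshold are assumptions; the source-file-name comparison is not covered.

```python
# Constructed nm-style listings (sample data, not output from the real packages).
MODULE_NM = """\
0000000000004a10 T yaml_parser_initialize
0000000000004b20 T yaml_parser_parse
0000000000005c30 t yaml_emitter_emit
0000000000007e50 T boot_YAML__XS__LibYAML
0000000000008f60 T _init
                 U memcpy
"""
LINKED_NM = """\
0000000000001a10 T boot_Example__Binding
                 U yaml_parser_initialize
                 U yaml_parser_parse
                 U yaml_emitter_emit
"""
SYSTEM_EXPORTS = {
    "libyaml-0.so.2": """\
0000000000003000 T yaml_parser_initialize
0000000000003100 T yaml_parser_parse
0000000000003200 T yaml_emitter_emit
0000000000003300 T yaml_get_version
""",
    "libc.so.6": """\
0000000000090000 T memcpy@@GLIBC_2.14
0000000000091000 T malloc@@GLIBC_2.2.5
""",
}
IGNORED = {"_init", "_fini", "_start", "main"}  # present in nearly every ELF object

def defined_symbols(nm_text, global_only=False):
    """Names the object defines itself; 'U' (imported) entries are skipped."""
    kinds = set("TDBRWV" if global_only else "TtDdBbRrWV")
    names = set()
    for line in nm_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[-2] in kinds:
            names.add(parts[-1].split("@")[0])  # drop symbol-version suffix
    return names - IGNORED

def bundled_candidates(module_nm, system_exports, min_hits=3):
    """Map library -> shared symbols; min_hits is an assumed noise threshold."""
    mine = defined_symbols(module_nm)
    hits = {lib: sorted(mine & defined_symbols(text, global_only=True))
            for lib, text in system_exports.items()}
    return {lib: shared for lib, shared in hits.items() if len(shared) >= min_hits}

if __name__ == "__main__":
    for label, text in (("bundling", MODULE_NM), ("linking", LINKED_NM)):
        print(label, "->", bundled_candidates(text, SYSTEM_EXPORTS) or "no overlap")
```

A module that only imports the library shows the same names as `U` entries and is not flagged, which is what separates dynamic linking from a bundled copy.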
Petr,
I just checked the package and found it's bundling the source of libyaml, which should have been checked at the time of initial package review but looks like it got overlooked. Does this need a FESCo ticket for an exception? If not, then this package needs to be dropped.
We will try to unbundle it.