Spec URL: http://people.redhat.com/dmalcolm/python/libdasm.spec SRPM URL: http://people.redhat.com/dmalcolm/python/libdasm-1.5-1.src.rpm Description: libdasm is a C-library that tries to provide simple and convenient way to disassemble x86 raw opcode bytes (machine code). It can parse and print out opcodes in AT&T and Intel syntax. It also includes a Python module, which I believe is the only Python module that can directly disassemble machine code (pointers to others welcome)
This fails to build. Here's a scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=1393061
Was missing a buildrequires on python-devel; added. Spec URL: http://people.redhat.com/dmalcolm/python/libdasm.spec SRPM URL: http://people.redhat.com/dmalcolm/python/libdasm-1.5-2.src.rpm Successful scratch build in koji: http://koji.fedoraproject.org/koji/taskinfo?taskID=1395600 However, am not sure this is ready yet; rpmlint is showing some soname warnings: libdasm.i386: W: no-soname /usr/lib/libdasm.so.1.0 libdasm-devel.i386: W: no-documentation libdasm-devel.i386: W: no-soname /usr/lib/libdasm.so pydasm.i386: W: no-documentation
So, no-soname is really the only issue. This is generally one of those "get upstream to fix their broken build procedure" kind of things. You can fix it by patching in another option to the gcc call, but I'm not really sure that's a good idea. This code hasn't changed in five years so I doubt there's any kind of an issue here. However, the real issue I see is that this code isn't public domain. Yes, we have this from README.txt: libdasm is public domain software. You can do whatever you like with it. but then the source files have copyright statements. I guess spot gets another FE-Legal ticket; maybe the "whatever you like" clause gives us sufficient rights. I would recommend using _includedir instead of /usr/include, just in case. You're already doing that in the %files list but not in %install. Why do you have a separate copy of the unversioned .so file in the -devel pacakge instead of a symlink? I guess it doesn't really matter that much but I can't figure out a reason for it. * source files match upstream. sha256sum: 34d6c17dbb318bf2e21c6a3ae7dcc53d918ce247f1bd422b123d5e41a730a676 libdasm-1.5.tar.gz * package meets naming and versioning guidelines. * specfile is properly named, is cleanly written and uses macros consistently. * summary is OK. * description is OK. * dist tag is present. * build root is OK. ? license field matches the actual license. ? license is open source-compatible. * latest version is being packaged. * BuildRequires are proper. * compiler flags are appropriate. * %clean is present. * package builds in mock (rawhide, x86_64). * package installs properly. * debuginfo package looks complete. * rpmlint has acceptable complaints. * final provides and requires are sane: libdasm.so.1.0()(64bit) libdasm = 1.5-2.fc12 libdasm(x86-64) = 1.5-2.fc12 = /sbin/ldconfig libdasm-devel-1.5-2.fc12.x86_64.rpm libdasm.so()(64bit) libdasm-devel = 1.5-2.fc12 libdasm-devel(x86-64) = 1.5-2.fc12 = libdasm = 1.5-2.fc12 pydasm-1.5-2.fc12.x86_64.rpm pydasm.so()(64bit) pydasm = 1.5-2.fc12 pydasm(x86-64) = 1.5-2.fc12 = libdasm = 1.5-2.fc12 libpython2.6.so.1.0()(64bit) python(abi) = 2.6 * shared libraries are installed: * ldconfig is called properly. X unversioned .so file is a separate copy and not a link. * owns the directories it creates. * doesn't own any directories it shouldn't. * no duplicates in %files. * file permissions are appropriate. * no generically named files. * scriptlets OK (ldconfig). * code, not content. * documentation is small, so no -doc subpackage is necessary. * %docs are not necessary for the proper functioning of the package. * header is in the -devel subpackage. * no static libraries. * no libtool .la files.
Can we contact the copyright holder(s) (as listed in the files) and ask them to explicitly disclaim their copyright? Basically, they need to make a statement along the lines of: I, NAME_OF_COPYRIGHT_HOLDER, abandon all copyright on the code contained within the libdasm software (in particular, libdasm-1.5.tar.gz with SHA256 checksum 34d6c17dbb318bf2e21c6a3ae7dcc53d918ce247f1bd422b123d5e41a730a676 ) and place it into the Public Domain. They also need to let us know of what country they are a citizen of, because many countries do not permit copyright holders to put works into the public domain (e.g. most, if not all EU citizens cannot do this).
I have emailed the copyright holders hoping for such a statement, or a more clear license grant using a Fedora-compatible FLOSS license.
One of the developers directed me to a newer version of the code here: http://code.google.com/p/libdasm/ which is more actively maintained; the last commit was May 17th of this year. I'd want to include this version. Unfortunately the licensing there still appears ambiguous: the "Code license" field reads "New BSD License", which is fair enough, but the "Labels" field has the label "publicdomain", and the description says "public domain". The files still contain copyright claims. The original author appears to be happy to license the code under a BSD-style license (private email), and believes the other contributors would be as well.
So the only thing we really care about is the actual license on the code itself. Statements on the web site are only used as a last resort, and only if they're not contradictory (which they are) and we're reasonably sure they were made by the authors of the code in question. The code itself (http://code.google.com/p/libdasm/source/browse/trunk/libdasm.c) still has a copyright notice with no rights grant. Without that, we have no rights modify, redistribute or even make use of that code. It is not remotely free. If they want to relicense, they just need to include one of the many standard license blocks at the top of the .c and .h files, add a copy of the full license file to their repository, fix the README.txt file to not say "public domain" and preferably fix up the conflicting statements on their web site. Or they could remove the copyright notices and properly disclaim copyright as spot indicated above, assuming that they have the legal right to do so.
So, it's been quite some time since the last progress on this review; is there any chance that we could move forward, or should this just be closed out?
I no longer have a need for this library, and too many other things to be doing, so I'm going to close this as WONTFIX. If someone else wants to pick it up, that would be great. Jason: thanks for all your help with this, I'm sorry to drop the ball on this.