Bug 500013 - Review Request: dansguardian - Content filtering web proxy
Review Request: dansguardian - Content filtering web proxy
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Matěj Cepl
Fedora Extras Quality Assurance
:
: 458643 dansguardian (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-05-10 03:28 EDT by Felix Kaechele
Modified: 2009-08-12 16:57 EDT (History)
6 users (show)

See Also:
Fixed In Version: 2.10.1.1-1.fc10
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-07-20 04:07:06 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
mcepl: fedora‑review+
tibbs: fedora‑cvs+


Attachments (Terms of Use)

  None (edit)
Description Felix Kaechele 2009-05-10 03:28:42 EDT
Spec URL: <spec info here>
SRPM URL: http://heffer.fedorapeople.org/review/dansguardian-2.10.0.3-1.fc11.src.rpm
Description: DansGuardian filters the content of pages based on many methods including
phrase matching, PICS filtering and URL filtering. It does not purely filter
based on a banned list of sites.

It provides real-time virus scanning capabilities for content access.

DansGuardian is designed to be completely flexible and allows you to tailor the
filtering to your exact needs. It can be as draconian or as unobstructive as
you want. The default settings are geared towards what a primary school might
want but DansGuardian puts you in control of what you want to block.

DansGuardian requires squid or another similar caching proxy server on your
local network.

----

[felix@polaris result]$ rpmlint dansguardian-* dansguardian.spec dansguardian
4 packages and 1 specfiles checked; 0 errors, 0 warnings.
Comment 1 Felix Kaechele 2009-05-10 03:29:34 EDT
*** Bug 458643 has been marked as a duplicate of this bug. ***
Comment 2 Felix Kaechele 2009-05-13 04:27:07 EDT
I forgot to attach the spec and was pretty sure I added it later on. Seems not so :-/

Nevertheless here it is: 
http://heffer.fedorapeople.org/review/dansguardian.spec
Comment 3 Matěj Cepl 2009-05-29 11:16:22 EDT
+ GOOD: rpmlint is silent on both source and binary package.
+ GOOD: The package is named according to the Package Naming Guidelines .
+ GOOD: The spec file name matches the base package %{name}, in the format
  %{name}.spec.
+ GOOD: The package meets the Packaging Guidelines .
? UNEASY: The package is licensed with a Fedora approved license and meet the
Licensing Guidelines .
I would feel much better if you mentioned somehwere (specfile, copyright statements in the source code) explicit permission to package it in Fedora from http://dansguardian.org/?page=copyright2:

* freely (no cost) downloadable from this site for general purpose unix distributions like FreeBSD, Debian, Fedora, Ubuntu, etc 

Otherwise we could look like changing software's license without author's permission.

+ GOOD: The License field in the package spec file matches the actual license.

see the previous point, it is correct as of now; it would have to be changed, if license files are not changed, or changed in different way.

- BAD: LICENSE file is in %doc.

It isn't ... COPYING file that is.

+ GOOD: The spec file is written in American English.
+ GOOD: The spec file for the package is legible.
+ GOOD: The sources used to build the package matches the upstream source,
as provided in the spec URL.
68c8e9a97a3b58d2467a19cb15db5599
+ GOOD: The package successfully compiles and build into binary rpms on at
least one supported architecture.
  Koji scratch build is
  http://koji.fedoraproject.org/koji/taskinfo?taskID=1383216
+ GOOD: builds on all architectures
+ GOOD: All build dependencies are listed in BuildRequires. (builds in koji)
+ GOOD: The spec file MUST handle locales properly.
  No locale support.
+ GOOD: no libraries
+ GOOD: not relocatable
+ GOOD: A package owns all directories that it creates.
+ GOOD: A package must not contain any duplicate files in the %files listing.
+ GOOD: Permissions on files must be set properly.
+ GOOD: Each package have a %clean section.
+ GOOD: Each package consistently use macros.
+ GOOD: The package contains code, or permissable content.
+ GOOD: No large documentation files, so no a -doc subpackage.
+ GOOD: Files registered in %doc does not affect the runtime of the
application.
+ GOOD: No header files.
+ GOOD: No static libraries.
+ GOOD: No pkgconfig(.pc) files.
+ GOOD: The package does not contain library files with a suffix.
+ GOOD: No devel packages.
+ GOOD: No .la libtool archives.
+ GOOD: Packages does not contain GUI applications.
+ GOOD: Packages does not own files or directories owned by other packages.
+ GOOD: Runs rm -rf $RPM_BUILD_ROOT in %install
+ GOOD: All filenames in rpm packages are valid UTF-8.
+ GOOD: Includes license text.

Please fix or explain above show issues.
Comment 4 Felix Kaechele 2009-05-29 11:32:28 EDT
Thank you for your review. I adressed the issues you pointed out and updated the spec file:

Spec: http://heffer.fedorapeople.org/review/dansguardian.spec
SRPM: http://heffer.fedorapeople.org/review/dansguardian-2.10.0.3-2.fc11.src.rpm
Comment 5 Matěj Cepl 2009-05-30 08:46:36 EDT
I just don't feel like deciding about this. The question I have is whether the author would object to inclusion of dansguardian in RHEL (if that ever happens). RHEL is freely distributable (and of course there is CentOS), but Red Hat charges for support, so the limitations on his page http://dansguardian.org/?page=copyright2 are unequivocal. Probably best would be get the author's statement on the issue.

Blocking FE-LEGAL again and posting question to fedora-legal.

Aside from this issue this package is OK, and it would be approved.
Comment 6 Matěj Cepl 2009-05-30 08:48:52 EDT
And of course if you write the email to the auhor, please, do mention existence of ftp://ftp.redhat.com/pub/redhat/linux/enterprise/ (complete src.rpm files of RHEL). He may not know about it.
Comment 7 Rex Dieter 2009-06-18 10:46:24 EDT
IMO, and all that.

The code says it's GPLv2+, so, there shouldn't be any blocker license-wise.

The author is trying to place additional restrictions on copies downloaded from his site, which is questionable, but shouldn't be relevant here as the software will be distributed by the fedoraproject (or other downstream projects).
Comment 8 Matěj Cepl 2009-06-19 07:15:37 EDT
(In reply to comment #7)
> IMO, and all that.
> 
> The code says it's GPLv2+, so, there shouldn't be any blocker license-wise.
> 
> The author is trying to place additional restrictions on copies downloaded from
> his site, which is questionable, but shouldn't be relevant here as the software
> will be distributed by the fedoraproject (or other downstream projects).  

You may be right, but the upstream website is so confusing, that I would rather have unequivocal statement of the upstream author on this topic.
Comment 9 Bernie Innocenti 2009-06-19 10:50:37 EDT
Dansguardian already went through RH legal.  Their response was:

  https://bugzilla.redhat.com/show_bug.cgi?id=458643#c8

And that was already implemented in my spec file.
Comment 10 Rex Dieter 2009-06-19 11:06:41 EDT
Cool, lifting FE-LEGAL.
Comment 11 Matěj Cepl 2009-06-19 12:35:25 EDT
OK, then this package is APPROVED.
Comment 12 Felix Kaechele 2009-06-19 13:25:18 EDT
Okay. Thank you for the Review!

New Package CVS Request
=======================
Package Name: dansguardian
Short Description: Content filtering web proxy
Owners: heffer
Branches: F-10 F-11 devel
InitialCC:
Comment 13 Jason Tibbitts 2009-06-20 11:06:58 EDT
CVS done.
Comment 14 Fedora Update System 2009-07-15 06:33:43 EDT
dansguardian-2.10.1.1-1.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/dansguardian-2.10.1.1-1.fc10
Comment 15 Jason Tibbitts 2009-07-15 21:39:57 EDT
*** Bug 512033 has been marked as a duplicate of this bug. ***
Comment 16 Fedora Update System 2009-07-19 06:18:18 EDT
dansguardian-2.10.1.1-1.fc10 has been pushed to the Fedora 10 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update dansguardian'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-7741
Comment 17 Fedora Update System 2009-07-19 06:32:28 EDT
dansguardian-2.10.1.1-1.fc11 has been pushed to the Fedora 11 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update dansguardian'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2009-7781
Comment 18 Matěj Cepl 2009-07-20 04:07:06 EDT
This bug was supposed to be closed when http://koji.fedoraproject.org/koji/buildinfo?buildID=114396 finished.

Closing now.
Comment 19 Fedora Update System 2009-08-12 16:57:24 EDT
dansguardian-2.10.1.1-1.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 20 Fedora Update System 2009-08-12 16:57:52 EDT
dansguardian-2.10.1.1-1.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.