A few initial notes:

- You're mixing URL with Source0. Source0 should have the contents of the current URL, URL should be http://ophcrack.sourceforge.net/ instead.

- I think you need BR: expat-devel. No need to specify the Requires: though, these will be picked up by RPM.

- Remove the extra >>'s from the description.

- Instead of
 Icon=ophcrack.png
use
 Icon=ophcrack
in the desktop file.

- You are mixing %{buildroot} and $RPM_BUILD_ROOT, this is not allowed. Choose one and stick with it.

- Drop
 %{_datadir}/applications
as this is a standard system directory. Besides, now you're owning
 %{_datadir}/applications/%{name}.desktop
twice as owning %{_datadir}/applications owns everything in it.

Once you have fixed these I'll do the full review.

I fixed the URL/Source0 mishap, that one was a horrible oversight by myself.

Don't need expat-devel, I built the SRPM in mock to verify and I'd rather leave the Requires for personal sanity as opposed to relying on the auto-fu but if there is a guideline saying otherwise I will happily oblige.

Got rid of the extra >>'s

Changed the Icon listing

This was an oversight/laziness as a side effect of fedora vim auto generating a template for me with $RPM_BUILD_ROOT, it has been fixed.

Dropped the %{_datadir}/applications listing in %files.

Spec URL: http://maxamillion.fedorapeople.org/ophcrack.spec
SRPM URL: http://maxamillion.fedorapeople.org/ophcrack-3.2.1-2.fc10.src.rpm

- Don't use macros in the URL. This makes copy-paste impossible from the spec file.

(In reply to comment #3)
> Don't need expat-devel, I built the SRPM in mock to verify and I'd rather leave
> the Requires for personal sanity as opposed to relying on the auto-fu but if
> there is a guideline saying otherwise I will happily oblige.

http://fedoraproject.org/wiki/Packaging/Guidelines#Explicit_Requires

"Packages must not contain explicit Requires on libraries except when absolutely necessary. When explicit library Requires are necessary, there should be a spec file comment justifying it."

Got rid of the macro in the URL

Removed the Requires

Spec URL: http://maxamillion.fedorapeople.org/ophcrack.spec
SRPM URL: http://maxamillion.fedorapeople.org/ophcrack-3.2.1-3.fc10.src.rpm

Ugh, what a broken build system.

- You need
 BuildRequires: qwt-devel
to get graph rendering (enabled by default). Then you need to
 %configure --with-libqwt=%{_libdir}
to get configure to realize qwt is installed (at least on x86_64). Doesn't hurt having the specification, though.

- Opt flags are not respected all the way. You need to get the build process to use the RPM optimization flags also in the beginning.

I have been in contact with upstream ever since I decided to package this and when speaking with one of the developers today I was informed that they are going to release a new version tomorrow and they will also be altering a few things in their make file that will accommodate for the location of the qwt header files in Fedora (an issue I was having). I will put together a new package tomorrow with the new version and update the review request then.

Okay, please ask them to make also sure that the CFLAGS set in configure phase are used everywhere.

The new release looks good to me, upstream fixed the issues I had.

Spec URL: http://maxamillion.fedorapeople.org/ophcrack.spec
SRPM URL: http://maxamillion.fedorapeople.org/ophcrack-3.3.0-1.fc10.src.rpm

Nope, there is still the issue of the optflags:

In the beginning of the build process you see a lot of
gcc -Wall -std=gnu9x -pedantic -I.. -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -I.. -I/usr/include -O2 -DNDEBUG -I./samdump2   -c -o list.o list.c

and the linking uses
g++ -m64 -Wl,-O1 -o ../ophcrack main.o ophcrackgui.o hashmodel.o tablemodel.o progdelegate.o tabledialog.o singlehashdialog.o hashview.o samdialog.o aboutdialog.o helpdialog.o graphdialog.o histogram_item.o exportdialog.o moc_ophcrackgui.o moc_hashmodel.o moc_tablemodel.o moc_progdelegate.o moc_tabledialog.o moc_singlehashdialog.o moc_hashview.o moc_samdialog.o moc_aboutdialog.o moc_helpdialog.o moc_graphdialog.o moc_exportdialog.o qrc_gui.o     ../libophcrack.a ../samdump2/libsamdump2.a -L/usr/lib -lm -lssl -lcrypto -lqwt -lQtGui -lQtCore -lpthread

I apparently jumped the gun on my previous post. The project was scheduled to release and upstream was nice enough to provide me with the source to package pre-release but it turns out that there were a couple things fixed between the "3.3.0" version I was given and the official 3.3.0 release. The spec file hasn't changed any because the only thing that changed was the source package (which has the same name). If there is a needed changelog entry for this I will happily add one, just couldn't find any real reason to add since the changelog already entered was technically for this release.

The optflags appear to be honored with the official release.
Spec URL: http://maxamillion.fedorapeople.org/ophcrack.spec
SRPM URL: http://maxamillion.fedorapeople.org/ophcrack-3.3.0-1.fc10.src.rpm

rpmlint output:
ophcrack.src: W: name-repeated-in-summary Ophcrack
ophcrack.src: W: mixed-use-of-spaces-and-tabs (spaces: line 6, tab: line 1)
ophcrack.x86_64: W: name-repeated-in-summary Ophcrack
3 packages and 0 specfiles checked; 0 errors, 3 warnings.


- Fix these. Remove "Ophcrack is" from the summary.

MUST: The package does not yet exist in Fedora. The Review Request is not a duplicate. OK
MUST: The spec file for the package is legible and macros are used consistently. OK
MUST: The package must be named according to the Package Naming Guidelines. OK
MUST: The spec file name must match the base package %{name}. OK
MUST: The package must be licensed with a Fedora approved license and meet the  Licensing Guidelines. OK

MUST: The License field in the package spec file must match the actual license. NEEDSWORK
- License is not "GPLv2+ and OpenSSL", it is "GPLv2+ with exceptions"

MUST: The sources used to build the package must match the upstream source, as provided in the spec URL. OK
MUST: The package MUST successfully compile and build into binary rpms. OK
MUST: The spec file MUST handle locales properly. N/A

MUST: Optflags are used and time stamps preserved. NEEDSWORK
- The makefile still uses its own linker flags, use
 make LFLAGS="%{optflags}" %{?_smp_mflags}
to fix this.

MUST: Packages containing shared library files must call ldconfig. N/A
MUST: A package must own all directories that it creates or require the package that owns the directory. OK
MUST: Files only listed once in %files listings. OK
MUST: Debuginfo package is complete. OK
MUST: Permissions on files must be set properly. OK
MUST: Clean section exists. OK
MUST: Large documentation files must go in a -doc subpackage. N/A

MUST: All relevant items are included in %doc. Items in %doc do not affect runtime of application. NEEDSWORK
- Drop INSTALL as it only contains instructions for compilation.

MUST: Header files must be in a -devel package. N/A
MUST: Static libraries must be in a -static package. N/A
MUST: Packages containing pkgconfig(.pc) files must 'Requires: pkgconfig'. N/A
MUST: If a package contains library files with a suffix then library files ending in .so must go in a -devel package. N/A
MUST: In the vast majority of cases, devel packages must require the base package using a fully versioned dependency. N/A
MUST: Packages does not contain any .la libtool archives. N/A

MUST: Desktop files are installed properly. NEEDSWORK
- Refer to packaging guidelines for proper desktop file installation. Also AFAIK Encoding is an obsolete line in desktop files.

MUST: No file conflicts with other packages and no general names. OK
MUST: Buildroot cleaned before install. OK
SHOULD: %{?dist} tag is used in release. OK
SHOULD: If the package does not include license text(s) as separate files from upstream, the packager should query upstream to include it. OK
SHOULD: The package builds in mock. OK

Fixed the areas where NEEDSWORK was tagged.

Spec URL: http://maxamillion.fedorapeople.org/ophcrack.spec
SRPM URL: http://maxamillion.fedorapeople.org/ophcrack-3.3.0-2.fc10.src.rpm

Fix the rpmlint warnings as well.

Also, you should make a comment about the need of the LFLAGS argument in %build, e.g.

# The LFLAGS argument to make is needed since by default the linking uses
# "-m64 -Wl,-O1" as linker flags instead of %{optflags}.

Taken care of the rpmlint warnings as well as added the LFLAGS justification.

Spec URL: http://maxamillion.fedorapeople.org/ophcrack.spec
SRPM URL: http://maxamillion.fedorapeople.org/ophcrack-3.3.0-3.fc10.src.rpm

OK, everything should be now in order so that the package can be

APPROVED

New Package CVS Request
=======================
Package Name: ophcrack
Short Description: Free Windows password cracker based on rainbow tables
Owners: maxamillion
Branches: F-10 F-11
InitialCC:

CVS done.

ophcrack-3.3.0-3.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/ophcrack-3.3.0-3.fc10

ophcrack-3.3.0-3.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/ophcrack-3.3.0-3.fc11

ophcrack-3.3.0-3.fc11 has been pushed to the Fedora 11 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update ophcrack'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2009-6307

ophcrack-3.3.0-3.fc10 has been pushed to the Fedora 10 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update ophcrack'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-6331

ophcrack-3.3.0-3.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

ophcrack-3.3.0-3.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.