Spec URL: http://mchua.fedorapeople.org/packages/zikula-module-EZComments/zikula-module-EZComments.spec SRPM URL: http://mchua.fedorapeople.org/packages/zikula-module-EZComments/zikula-module-EZComments-0.1.61-1.fc11.src.rpm Description: New packager, seeking a sponsor. I based the spec off the specs of the 4 zikula modules listed below. http://cvs.fedoraproject.org/viewvc/rpms/zikula-module-MultiHook/F-11/zikula-module-MultiHook.spec?view=markup http://cvs.fedoraproject.org/viewvc/rpms/zikula-module-News/F-11/zikula-module-News.spec?view=markup http://cvs.fedoraproject.org/viewvc/rpms/zikula-module-scribite/F-11/zikula-module-scribite.spec?view=markup http://cvs.fedoraproject.org/viewvc/rpms/zikula-module-feeds/EL-5/zikula-module-feeds.spec?view=markup
The ep5 version of the RPM has been successfully deployed and used on the publictest version of Fedora Insight. See http://publictest6.fedoraproject.org/zikula/index.php/News/2009/8/17/First-test-article/#comments for the glory. All RPMs and SRPMs are available at http://mchua.fedorapeople.org/packages/zikula-module-EZComments/.
Licensing problem :-( * zikula-module-EZComments-0.1.61-1.fc11.src/modules/EZComments/pnjavascript/toggle.js This is taken from: http://www.dustindiaz.com//check_one_check_all_javascript.php All content on the blog is licensed http://creativecommons.org/licenses/by-sa/2.5/ so without a note from the author, that's the license of the javascript. Creative Commons licenses are incompatible with any version of the GPL so we have a problem here. spot, are there any special rules for javascript being served by a web framework that would mitigate this? Or does the: The files are included in the same tarball and are used to form a whole program. rule mean this is not legal?
spot, relaying from Legal says that there are options but by far the simplest is to get the upstream author of the javascript to relicense to something GPL compatible. This could be GPLv2+ (since zikula is GPLv2+) or it could be MIT, new BSD, Public Domain, or any of the other GPL compatible licenses. This table has a column for GPLv2 and GPLv3 compatibility: http://fedoraproject.org/wiki/Licensing#Good_Licenses To do this, someone has to talk to the author of the blog about relicensing the code. You could talk to him directly or go through the zikula/EZComment developers. In the interest of speed, it's probably going to come down to letting the zikula/EZComment guys know about the problem and then doing the footwork to contact the blog author about the relicense yourself.
Dustin Diaz has been contacted - email text below. --- Hi, Dustin - I've got a quick and probably unusual request for you. Would you mind re-licensing check_one_check_all_javascript.php under something that's GPL-compatible? (http://fedoraproject.org/wiki/Licensing#Good_Licenses) Here's why: We're working to deploy a zikula-based site (https://fedoraproject.org/wiki/Fedora_Insight) for Fedora and would like to deploy a zikula module called ezcomments (http://code.zikula.org/ezcomments/) on that site. The ezcomments module uses your javascript, which is (since it was taken from your blog) licensed under CC-BY-SA-2.5 - so we can't package it for Fedora, and thus use deploy it on our site, because it isn't GPL-compatible. The longer story is at https://bugzilla.redhat.com/show_bug.cgi?id=523343 - but anyhow, we'd greatly appreciate it if you could re-license the js; editing the php file to include the license text of one of the licenses at http://fedoraproject.org/wiki/Licensing#Good_Licenses is all that's needed - if you can give us a link to that, we'll contact all the necessary downstreams. Thanks! --Mel Chua, on behalf of the Fedora Project
Also pinged upstream maintainer Florian Schießl (who keeps up the ezcomments extension) via the zikula community's private messaging interface, since there is no public contact email listed. I now see very, very clearly why we are so stringent about licensing for Fedora packages. Wow. --- Hi! Just wanted to let you know that we're working to get the javascript in the ezcomments module you maintain re-licensed to something GPL compatible, since we'd like to deploy your module on a zikula-based Fedora site. You can see everything that's going on at https://bugzilla.redhat.com/show_bug.cgi?id=523343. Thanks! --Mel Chua on behalf of the Fedora Project
mchua: Did you get the updated version done, (we had talked on IRC about it)
mchua: ping?
Argh, sorry about the bottlenecking, Nick - travel went and ate my soul last week. Finally sat down with Sebastian Dziallas, added the licensing email, knocked out the last couple errors in rpmlint, and I think we're done. Updated spec is at http://mchua.fedorapeople.org/packages/zikula-module-EZComments/zikula-module-EZComments.spec Updated srpm is at http://mchua.fedorapeople.org/packages/zikula-module-EZComments/zikula-module-EZComments-0.1.61-2.fc11.src.rpm
jds2001 points out that the zikula website has changed and now offers a static option for a download URL (rather than the earlier dynamic-only one that was the bane of my existence for awhile). Updated spec is at http://mchua.fedorapeople.org/packages/zikula-module-EZComments/zikula-module-EZComments.spec Updated srpm is at http://mchua.fedorapeople.org/packages/zikula-module-EZComments/zikula-module-EZComments-0.1.61-3.fc11.src.rpm
taking review
OK, this is quite interesting. This package technically looks fine to me, but in doing a formal review I ran into a little glitch. First, the upstream URL (that's listed as a direct link on the download page) gives me a 403 when I try to get it with wget. That's excusable, somewhat. What's not is that when I went to the upstream webpage and downloaded the source, the md5sum didn't match: ef71cfcec8a3cc4dcde845dc0ca47240 module_EZComments_1-61.zip c8ed22422179645bd244f768ec513ad7 ../rpmbuild/SOURCES/module_EZComments_1-61.zip Upon further investigation into this discrepancy, I found that apparently some translations were included in the version that I had downloaded that were not in the (ostensibly same) version in the SRPM: [jstanley@rugrat ~]$ diff zik-dl.find zikula-tmp/zik-pk.find 27d26 < ./modules/EZComments/pnlang/spa/common.php 29,30d27 < ./modules/EZComments/pnlang/fra/template_Standard.php < ./modules/EZComments/pnlang/fra/common.php 33d29 < ./modules/EZComments/pnlang/ces/common.php 35d30 < ./modules/EZComments/pnlang/nor/common.php 37d31 < ./modules/EZComments/pnlang/ita/common.php 39,40d32 < ./modules/EZComments/pnlang/nld/template_Standard.php < ./modules/EZComments/pnlang/nld/common.php 45,46d36 < ./modules/EZComments/pnlang/deu/template_Standard.php < ./modules/EZComments/pnlang/deu/common.php [jstanley@rugrat ~]$ cd zikula-tmp/ [jstanley@rugrat zikula-tmp]$ ls -l ./modules/EZComments/pnlang/deu/common.php ls: cannot access ./modules/EZComments/pnlang/deu/common.php: No such file or directory I'm not exactly sure what to do about this - this is poor upstream release practices, but failing the most basic check in the package review process sort of blocks it from Fedora, but it also doesn't seem right to block a package simply because upstream doesn't have their act together. Upstream should: 1) Provide a static URL that will forever lead to the *same* version of a package - no additional translations, no additional code, etc - the md5sum/sha1sum should be identical. 2) Refrain from releasing a new version with simply more translated strings without bumping the version (sorta a natural consequence of item 1).
Wow. This is... we'll need to have a talk with upstream. Rebuilt with current source, added comment to spec saying that md5sum can change without version number changing. Updated spec is at http://mchua.fedorapeople.org/packages/zikula-module-EZComments/zikula-module-EZComments.spec Updated srpm is at http://mchua.fedorapeople.org/packages/zikula-module-EZComments/zikula-module-EZComments-0.1.61-3.fc11.src.rpm
OK, we've seen many and varied md5sums of the upstream zip file. For the record, the zikula.md5sum file was generated by doing a 'find . -type f | xargs md5sum > zikula.md5sum', and the results compared with a upstream downloaded copy. The results are provided below: [jstanley@rugrat 1]$ find . | md5sum -c /home/jstanley/zikula.md5sum ./modules/index.html: OK ./modules/EZComments/pnmigrateapi/news.php: OK ./modules/EZComments/pnmigrateapi/pnProfile.php: OK ./modules/EZComments/pnmigrateapi/index.html: OK ./modules/EZComments/pnmigrateapi/polls.php: OK ./modules/EZComments/pnmigrateapi/pnComments.php: OK ./modules/EZComments/pnmigrateapi/pnFlashGames.php: OK ./modules/EZComments/pnmigrateapi/dummy.php: OK ./modules/EZComments/pnmigrateapi/reviews.php: OK ./modules/EZComments/pnblocks/index.html: OK ./modules/EZComments/pnblocks/ezcomments.php: OK ./modules/EZComments/pnuser.php: OK ./modules/EZComments/pndocs/credits.txt: OK ./modules/EZComments/pndocs/todo.txt: OK ./modules/EZComments/pndocs/index.html: OK ./modules/EZComments/pndocs/install.txt: OK ./modules/EZComments/pndocs/license.txt: OK ./modules/EZComments/pndocs/changelog.txt: OK ./modules/EZComments/pnstyle/index.html: OK ./modules/EZComments/pnstyle/style.css: OK ./modules/EZComments/index.html: OK ./modules/EZComments/pnmyprofileapi.php: OK ./modules/EZComments/pntables.php: OK ./modules/EZComments/pnsearchapi.php: OK ./modules/EZComments/pninit.php: OK ./modules/EZComments/pnlang/spa/index.html: OK ./modules/EZComments/pnlang/fra/index.html: OK ./modules/EZComments/pnlang/index.html: OK ./modules/EZComments/pnlang/ces/index.html: OK ./modules/EZComments/pnlang/nor/index.html: OK ./modules/EZComments/pnlang/ita/index.html: OK ./modules/EZComments/pnlang/nld/index.html: OK ./modules/EZComments/pnlang/eng/index.html: OK ./modules/EZComments/pnlang/eng/template_Standard.php: OK ./modules/EZComments/pnlang/eng/common.php: OK ./modules/EZComments/pnlang/deu/index.html: OK ./modules/EZComments/pnaccountapi.php: OK ./modules/EZComments/pnincludes/index.html: OK ./modules/EZComments/pnincludes/ezcomments_admin_modifyhandler.class.php: OK ./modules/EZComments/pnincludes/ezcomments_user_modifyhandler.class.php: OK ./modules/EZComments/pnincludes/ezcomments_admin_modifyconfighandler.class.php: OK ./modules/EZComments/pnincludes/common.php: OK ./modules/EZComments/pnimages/fra/sendpm.gif: OK ./modules/EZComments/pnimages/fra/index.html: OK ./modules/EZComments/pnimages/fra/go_up.gif: OK ./modules/EZComments/pnimages/fra/go_down.gif: OK ./modules/EZComments/pnimages/fra/profile.gif: OK ./modules/EZComments/pnimages/yellow.gif: OK ./modules/EZComments/pnimages/index.html: OK ./modules/EZComments/pnimages/nld/sendpm.gif: OK ./modules/EZComments/pnimages/nld/index.html: OK ./modules/EZComments/pnimages/nld/go_up.gif: OK ./modules/EZComments/pnimages/nld/go_down.gif: OK ./modules/EZComments/pnimages/nld/profile.gif: OK ./modules/EZComments/pnimages/green.gif: OK ./modules/EZComments/pnimages/comment.gif: OK ./modules/EZComments/pnimages/red.gif: OK ./modules/EZComments/pnimages/admin.gif: OK ./modules/EZComments/pnimages/eng/sendpm.gif: OK ./modules/EZComments/pnimages/eng/index.html: OK ./modules/EZComments/pnimages/eng/go_up.gif: OK ./modules/EZComments/pnimages/eng/go_down.gif: OK ./modules/EZComments/pnimages/eng/profile.gif: OK ./modules/EZComments/pnimages/deu/sendpm.gif: OK ./modules/EZComments/pnimages/deu/index.html: OK ./modules/EZComments/pnimages/deu/go_up.gif: OK ./modules/EZComments/pnimages/deu/go_down.gif: OK ./modules/EZComments/pnimages/deu/profile.gif: OK ./modules/EZComments/pnimages/mycommentsbutton.gif: OK ./modules/EZComments/pnversion.php: OK ./modules/EZComments/pnuserapi.php: OK ./modules/EZComments/pnadminapi.php: OK ./modules/EZComments/pnjavascript/index.html: OK ./modules/EZComments/pnjavascript/toggle.js: OK ./modules/EZComments/pntemplates/ezcomments_myprofile_tab.htm: OK ./modules/EZComments/pntemplates/ezcomments_admin_delete.htm: OK ./modules/EZComments/pntemplates/ezcomments_admin_stats.htm: OK ./modules/EZComments/pntemplates/plugins/modifier.commentstatus.php: OK ./modules/EZComments/pntemplates/plugins/index.html: OK ./modules/EZComments/pntemplates/plugins/modifier.formatezcomment.php: OK ./modules/EZComments/pntemplates/plugins/modifier.issued.php: OK ./modules/EZComments/pntemplates/plugins/modifier.modified.php: OK ./modules/EZComments/pntemplates/plugins/function.ezcommentsstylesheet.php: OK ./modules/EZComments/pntemplates/plugins/function.ezcommentsimg.php: OK ./modules/EZComments/pntemplates/ezcomments_mail_newcomment.htm: OK ./modules/EZComments/pntemplates/ezcomments_admin_modulestats.htm: OK ./modules/EZComments/pntemplates/Standard/index.html: OK ./modules/EZComments/pntemplates/Standard/ezcomments_user_view.htm: OK ./modules/EZComments/pntemplates/Standard/style.css: OK ./modules/EZComments/pntemplates/ezcomments_admin_deleteitem.htm: OK ./modules/EZComments/pntemplates/index.html: OK ./modules/EZComments/pntemplates/ezcomments_admin_applyrules_results.htm: OK ./modules/EZComments/pntemplates/ezcomments_block_ezcomments.htm: OK ./modules/EZComments/pntemplates/ezcomments_admin_menu.htm: OK ./modules/EZComments/pntemplates/ezcomments_user_header.htm: OK ./modules/EZComments/pntemplates/ezcomments_admin_purge.htm: OK ./modules/EZComments/pntemplates/ezcomments_search_form.htm: OK ./modules/EZComments/pntemplates/ezcomments_admin_cleanup.htm: OK ./modules/EZComments/pntemplates/ezcomments_admin_modify.htm: OK ./modules/EZComments/pntemplates/ezcomments_user_atom.htm: OK ./modules/EZComments/pntemplates/ezcomments_user_main.htm: OK ./modules/EZComments/pntemplates/ezcomments_admin_modifyconfig.htm: OK ./modules/EZComments/pntemplates/ezcomments_block_ezcomments_modify.htm: OK ./modules/EZComments/pntemplates/ezcomments_mail_modcomment.htm: OK ./modules/EZComments/pntemplates/ezcomments_user_modify.htm: OK ./modules/EZComments/pntemplates/ezcomments_user_rss.htm: OK ./modules/EZComments/pntemplates/ezcomments_admin_migrate.htm: OK ./modules/EZComments/pntemplates/ezcomments_admin_applyrules_form.htm: OK ./modules/EZComments/pntemplates/ezcomments_admin_deletemodule.htm: OK ./modules/EZComments/pntemplates/ezcomments_admin_view.htm: OK ./modules/EZComments/pnadmin.php: OK ./module_EZComments_1-61.zip: FAILED md5sum: WARNING: 1 of 112 computed checksums did NOT match At this point, I'm confident saying that the source is genuine, even if they do a *really* poor job of release management. This is a simple package and follows all applicable guidelines. APPROVED. Please put a link to this bug in the imported package, and note the exception granted to upstream md5sum matching, since all of the individual files appear to match.
Lifting FE-LEGAL due to email from upstream included in %doc, as well.
New Package CVS Request ======================= Package Name: zikula-module-EZComments Short Description: Simple Zikula module that provides comment functions to other modules Owners: mchua Branches: F-11 F-12 EL-5 InitialCC:
cvs done.
Update: the upstream EZComments maintainers have rewritten the JS in question and licensed it as LGPLv2+. Also, I found that their release management practices haven't changed, since they just reset the tag for 2.0.0 from their SVN rev724 to rev741 to make that change. One way to avoid this creating havoc for a reviewer is to add a %zikula_rev global to refer to the actual SVN changeset (which hopefully is singular), and use this URL for downloads instead: http://code.zikula.org/ezcomments/changeset/%{zikula_rev}/tags/%{zikula_modname}_%{version}?old_path=%2F&format=zip I've put new copies up here, since we have to upgrade to 2.0.0 to fix some known comment problems for Fedora Insight: http://pfrields.fedorapeople.org/packages/SPECS/zikula-module-EZComments.spec http://pfrields.fedorapeople.org/packages/SRPMS/zikula-module-EZComments-2.0.0-1.el5.src.rpm I know the package was approved already, but since there's been a lag and the bug is still open, I thought it was worth it to dump the current status here.
Hmm, not sure why this is still open. Has it been imported yet? CVS was done awhile ago, maybe Mel just forgot to close the bug? At any rate, I had a conversation with Simon at FUDCon in December which sort of gives a little bit of sane reasoning to the inclusion of translations in a released tarball (which was my problem in the initial review). The majority of the time, the person doing the translation is someone that requires the translation for a site that they're deploying, and they want instant gratification rather than waiting for someone else to do a release. That doesn't excuse the practice above, wholesale relicensing and code changes without a version bump - I'm not sure what that's all about.
This has been imported now to EL-5.