Bug 523343 - Review Request: zikula-module-EZComments - Simple Zikula module that provides comment functions to other modules
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
Assignee: Jon Stanley
QA Contact: Fedora Extras Quality Assurance
Reported: 2009-09-15 00:15 UTC by Mel Chua
Modified: 2010-06-18 16:27 UTC (History)

Doc Type: Bug Fix
Last Closed: 2010-06-18 16:27:06 UTC
jonstanley: fedora-review+
kevin: fedora-cvs+


Comment 1 Mel Chua 2009-09-16 06:02:59 UTC
The ep5 version of the RPM has been successfully deployed and used on the publictest version of Fedora Insight. See http://publictest6.fedoraproject.org/zikula/index.php/News/2009/8/17/First-test-article/#comments for the glory.

All RPMs and SRPMs are available at http://mchua.fedorapeople.org/packages/zikula-module-EZComments/.

Comment 2 Toshio Ernie Kuratomi 2009-09-16 19:00:55 UTC
Licensing problem :-(

* zikula-module-EZComments-0.1.61-1.fc11.src/modules/EZComments/pnjavascript/toggle.js

This is taken from:
All content on the blog is licensed http://creativecommons.org/licenses/by-sa/2.5/ so without a note from the author, that's the license of the javascript.  Creative Commons licenses are incompatible with any version of the GPL so we have a problem here.

spot, are there any special rules for javascript being served by a web framework that would mitigate this?  Or does the "The files are included in the same tarball and are used to form a whole program." rule mean this is not legal?

Comment 3 Toshio Ernie Kuratomi 2009-09-16 20:02:43 UTC
spot, relaying from Legal says that there are options but by far the simplest is to get the upstream author of the javascript to relicense to something GPL compatible.  This could be GPLv2+ (since zikula is GPLv2+) or it could be MIT, new BSD, Public Domain, or any of the other GPL compatible licenses.

This table has a column for GPLv2 and GPLv3 compatibility:

To do this, someone has to talk to the author of the blog about relicensing the code.  You could talk to him directly or go through the zikula/EZComment developers.  In the interest of speed, it's probably going to come down to letting the zikula/EZComment guys know about the problem and then doing the footwork to contact the blog author about the relicense yourself.

Comment 4 Mel Chua 2009-09-30 22:59:11 UTC
Dustin Diaz has been contacted - email text below.


Hi, Dustin - I've got a quick and probably unusual request for you. Would you mind re-licensing check_one_check_all_javascript.php under something that's GPL-compatible? (http://fedoraproject.org/wiki/Licensing#Good_Licenses)

Here's why:
We're working to deploy a zikula-based site (https://fedoraproject.org/wiki/Fedora_Insight) for Fedora and would like to deploy a zikula module called ezcomments (http://code.zikula.org/ezcomments/) on that site.

The ezcomments module uses your javascript, which is (since it was taken from your blog) licensed under CC-BY-SA-2.5 - so we can't package it for Fedora, and thus deploy it on our site, because it isn't GPL-compatible.

The longer story is at https://bugzilla.redhat.com/show_bug.cgi?id=523343 - but anyhow, we'd greatly appreciate it if you could re-license the js; editing the php file to include the license text of one of the licenses at http://fedoraproject.org/wiki/Licensing#Good_Licenses is all that's needed - if you can give us a link to that, we'll contact all the necessary downstreams.


--Mel Chua, on behalf of the Fedora Project

Comment 5 Mel Chua 2009-09-30 23:04:04 UTC
Also pinged upstream maintainer Florian Schießl (who keeps up the ezcomments extension) via the zikula community's private messaging interface, since there is no public contact email listed.

I now see very, very clearly why we are so stringent about licensing for Fedora packages. Wow.


Hi! Just wanted to let you know that we're working to get the javascript in the ezcomments module you maintain re-licensed to something GPL compatible, since we'd like to deploy your module on a zikula-based Fedora site.

You can see everything that's going on at https://bugzilla.redhat.com/show_bug.cgi?id=523343.


--Mel Chua on behalf of the Fedora Project

Comment 6 Nick Bebout 2009-10-26 23:41:35 UTC

Did you get the updated version done? (We had talked on IRC about it.)

Comment 7 Nick Bebout 2009-11-01 04:37:43 UTC


Comment 8 Mel Chua 2009-11-03 01:15:33 UTC
Argh, sorry about the bottlenecking, Nick - travel went and ate my soul last week. Finally sat down with Sebastian Dziallas, added the licensing email, knocked out the last couple errors in rpmlint, and I think we're done.

Updated spec is at http://mchua.fedorapeople.org/packages/zikula-module-EZComments/zikula-module-EZComments.spec

Updated srpm is at http://mchua.fedorapeople.org/packages/zikula-module-EZComments/zikula-module-EZComments-0.1.61-2.fc11.src.rpm

Comment 9 Mel Chua 2009-11-03 01:53:20 UTC
jds2001 points out that the zikula website has changed and now offers a static option for a download URL (rather than the earlier dynamic-only one that was the bane of my existence for a while).

Updated spec is at http://mchua.fedorapeople.org/packages/zikula-module-EZComments/zikula-module-EZComments.spec 

Updated srpm is at http://mchua.fedorapeople.org/packages/zikula-module-EZComments/zikula-module-EZComments-0.1.61-3.fc11.src.rpm

Comment 10 Jon Stanley 2009-11-03 02:00:45 UTC
taking review

Comment 11 Jon Stanley 2009-11-03 02:51:21 UTC
OK, this is quite interesting.  This package technically looks fine to me, but in doing a formal review I ran into a little glitch.

First, the upstream URL (that's listed as a direct link on the download page) gives me a 403 when I try to get it with wget. That's excusable, somewhat. What's not is that when I went to the upstream webpage and downloaded the source, the md5sum didn't match:

ef71cfcec8a3cc4dcde845dc0ca47240  module_EZComments_1-61.zip
c8ed22422179645bd244f768ec513ad7  ../rpmbuild/SOURCES/module_EZComments_1-61.zip

Upon further investigation into this discrepancy, I found that apparently some translations were included in the version that I had downloaded that were not in the (ostensibly same) version in the SRPM:

[jstanley@rugrat ~]$ diff zik-dl.find zikula-tmp/zik-pk.find 
< ./modules/EZComments/pnlang/spa/common.php
< ./modules/EZComments/pnlang/fra/template_Standard.php
< ./modules/EZComments/pnlang/fra/common.php
< ./modules/EZComments/pnlang/ces/common.php
< ./modules/EZComments/pnlang/nor/common.php
< ./modules/EZComments/pnlang/ita/common.php
< ./modules/EZComments/pnlang/nld/template_Standard.php
< ./modules/EZComments/pnlang/nld/common.php
< ./modules/EZComments/pnlang/deu/template_Standard.php
< ./modules/EZComments/pnlang/deu/common.php
[jstanley@rugrat ~]$ cd zikula-tmp/
[jstanley@rugrat zikula-tmp]$ ls -l ./modules/EZComments/pnlang/deu/common.php
ls: cannot access ./modules/EZComments/pnlang/deu/common.php: No such file or directory

I'm not exactly sure what to do about this - this is poor upstream release practices, but failing the most basic check in the package review process sort of blocks it from Fedora, but it also doesn't seem right to block a package simply because upstream doesn't have their act together.

Upstream should: 

1) Provide a static URL that will forever lead to the *same* version of a package - no additional translations, no additional code, etc - the md5sum/sha1sum should be identical.
2) Refrain from releasing a new version with simply more translated strings without bumping the version (sorta a natural consequence of item 1).

Comment 12 Mel Chua 2009-11-03 03:59:52 UTC
Wow. This is... we'll need to have a talk with upstream. Rebuilt with current source, added comment to spec saying that md5sum can change without version number changing.

Updated spec is at http://mchua.fedorapeople.org/packages/zikula-module-EZComments/zikula-module-EZComments.spec

Updated srpm is at http://mchua.fedorapeople.org/packages/zikula-module-EZComments/zikula-module-EZComments-0.1.61-3.fc11.src.rpm

Comment 13 Jon Stanley 2009-11-03 04:47:06 UTC
OK, we've seen many and varied md5sums of the upstream zip file.  For the record, the zikula.md5sum file was generated by doing a 'find . -type f | xargs md5sum > zikula.md5sum', and the results compared with an upstream downloaded copy.  The results are provided below:

[jstanley@rugrat 1]$ find . | md5sum -c /home/jstanley/zikula.md5sum 
./modules/index.html: OK
./modules/EZComments/pnmigrateapi/news.php: OK
./modules/EZComments/pnmigrateapi/pnProfile.php: OK
./modules/EZComments/pnmigrateapi/index.html: OK
./modules/EZComments/pnmigrateapi/polls.php: OK
./modules/EZComments/pnmigrateapi/pnComments.php: OK
./modules/EZComments/pnmigrateapi/pnFlashGames.php: OK
./modules/EZComments/pnmigrateapi/dummy.php: OK
./modules/EZComments/pnmigrateapi/reviews.php: OK
./modules/EZComments/pnblocks/index.html: OK
./modules/EZComments/pnblocks/ezcomments.php: OK
./modules/EZComments/pnuser.php: OK
./modules/EZComments/pndocs/credits.txt: OK
./modules/EZComments/pndocs/todo.txt: OK
./modules/EZComments/pndocs/index.html: OK
./modules/EZComments/pndocs/install.txt: OK
./modules/EZComments/pndocs/license.txt: OK
./modules/EZComments/pndocs/changelog.txt: OK
./modules/EZComments/pnstyle/index.html: OK
./modules/EZComments/pnstyle/style.css: OK
./modules/EZComments/index.html: OK
./modules/EZComments/pnmyprofileapi.php: OK
./modules/EZComments/pntables.php: OK
./modules/EZComments/pnsearchapi.php: OK
./modules/EZComments/pninit.php: OK
./modules/EZComments/pnlang/spa/index.html: OK
./modules/EZComments/pnlang/fra/index.html: OK
./modules/EZComments/pnlang/index.html: OK
./modules/EZComments/pnlang/ces/index.html: OK
./modules/EZComments/pnlang/nor/index.html: OK
./modules/EZComments/pnlang/ita/index.html: OK
./modules/EZComments/pnlang/nld/index.html: OK
./modules/EZComments/pnlang/eng/index.html: OK
./modules/EZComments/pnlang/eng/template_Standard.php: OK
./modules/EZComments/pnlang/eng/common.php: OK
./modules/EZComments/pnlang/deu/index.html: OK
./modules/EZComments/pnaccountapi.php: OK
./modules/EZComments/pnincludes/index.html: OK
./modules/EZComments/pnincludes/ezcomments_admin_modifyhandler.class.php: OK
./modules/EZComments/pnincludes/ezcomments_user_modifyhandler.class.php: OK
./modules/EZComments/pnincludes/ezcomments_admin_modifyconfighandler.class.php: OK
./modules/EZComments/pnincludes/common.php: OK
./modules/EZComments/pnimages/fra/sendpm.gif: OK
./modules/EZComments/pnimages/fra/index.html: OK
./modules/EZComments/pnimages/fra/go_up.gif: OK
./modules/EZComments/pnimages/fra/go_down.gif: OK
./modules/EZComments/pnimages/fra/profile.gif: OK
./modules/EZComments/pnimages/yellow.gif: OK
./modules/EZComments/pnimages/index.html: OK
./modules/EZComments/pnimages/nld/sendpm.gif: OK
./modules/EZComments/pnimages/nld/index.html: OK
./modules/EZComments/pnimages/nld/go_up.gif: OK
./modules/EZComments/pnimages/nld/go_down.gif: OK
./modules/EZComments/pnimages/nld/profile.gif: OK
./modules/EZComments/pnimages/green.gif: OK
./modules/EZComments/pnimages/comment.gif: OK
./modules/EZComments/pnimages/red.gif: OK
./modules/EZComments/pnimages/admin.gif: OK
./modules/EZComments/pnimages/eng/sendpm.gif: OK
./modules/EZComments/pnimages/eng/index.html: OK
./modules/EZComments/pnimages/eng/go_up.gif: OK
./modules/EZComments/pnimages/eng/go_down.gif: OK
./modules/EZComments/pnimages/eng/profile.gif: OK
./modules/EZComments/pnimages/deu/sendpm.gif: OK
./modules/EZComments/pnimages/deu/index.html: OK
./modules/EZComments/pnimages/deu/go_up.gif: OK
./modules/EZComments/pnimages/deu/go_down.gif: OK
./modules/EZComments/pnimages/deu/profile.gif: OK
./modules/EZComments/pnimages/mycommentsbutton.gif: OK
./modules/EZComments/pnversion.php: OK
./modules/EZComments/pnuserapi.php: OK
./modules/EZComments/pnadminapi.php: OK
./modules/EZComments/pnjavascript/index.html: OK
./modules/EZComments/pnjavascript/toggle.js: OK
./modules/EZComments/pntemplates/ezcomments_myprofile_tab.htm: OK
./modules/EZComments/pntemplates/ezcomments_admin_delete.htm: OK
./modules/EZComments/pntemplates/ezcomments_admin_stats.htm: OK
./modules/EZComments/pntemplates/plugins/modifier.commentstatus.php: OK
./modules/EZComments/pntemplates/plugins/index.html: OK
./modules/EZComments/pntemplates/plugins/modifier.formatezcomment.php: OK
./modules/EZComments/pntemplates/plugins/modifier.issued.php: OK
./modules/EZComments/pntemplates/plugins/modifier.modified.php: OK
./modules/EZComments/pntemplates/plugins/function.ezcommentsstylesheet.php: OK
./modules/EZComments/pntemplates/plugins/function.ezcommentsimg.php: OK
./modules/EZComments/pntemplates/ezcomments_mail_newcomment.htm: OK
./modules/EZComments/pntemplates/ezcomments_admin_modulestats.htm: OK
./modules/EZComments/pntemplates/Standard/index.html: OK
./modules/EZComments/pntemplates/Standard/ezcomments_user_view.htm: OK
./modules/EZComments/pntemplates/Standard/style.css: OK
./modules/EZComments/pntemplates/ezcomments_admin_deleteitem.htm: OK
./modules/EZComments/pntemplates/index.html: OK
./modules/EZComments/pntemplates/ezcomments_admin_applyrules_results.htm: OK
./modules/EZComments/pntemplates/ezcomments_block_ezcomments.htm: OK
./modules/EZComments/pntemplates/ezcomments_admin_menu.htm: OK
./modules/EZComments/pntemplates/ezcomments_user_header.htm: OK
./modules/EZComments/pntemplates/ezcomments_admin_purge.htm: OK
./modules/EZComments/pntemplates/ezcomments_search_form.htm: OK
./modules/EZComments/pntemplates/ezcomments_admin_cleanup.htm: OK
./modules/EZComments/pntemplates/ezcomments_admin_modify.htm: OK
./modules/EZComments/pntemplates/ezcomments_user_atom.htm: OK
./modules/EZComments/pntemplates/ezcomments_user_main.htm: OK
./modules/EZComments/pntemplates/ezcomments_admin_modifyconfig.htm: OK
./modules/EZComments/pntemplates/ezcomments_block_ezcomments_modify.htm: OK
./modules/EZComments/pntemplates/ezcomments_mail_modcomment.htm: OK
./modules/EZComments/pntemplates/ezcomments_user_modify.htm: OK
./modules/EZComments/pntemplates/ezcomments_user_rss.htm: OK
./modules/EZComments/pntemplates/ezcomments_admin_migrate.htm: OK
./modules/EZComments/pntemplates/ezcomments_admin_applyrules_form.htm: OK
./modules/EZComments/pntemplates/ezcomments_admin_deletemodule.htm: OK
./modules/EZComments/pntemplates/ezcomments_admin_view.htm: OK
./modules/EZComments/pnadmin.php: OK
./module_EZComments_1-61.zip: FAILED
md5sum: WARNING: 1 of 112 computed checksums did NOT match

At this point, I'm confident saying that the source is genuine, even if they do a *really* poor job of release management.

This is a simple package and follows all applicable guidelines.


Please put a link to this bug in the imported package, and note the exception granted to upstream md5sum matching, since all of the individual files appear to match.
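
The checks described in Comment 11 (file-list diff) and Comment 13 (per-file checksums) can be combined into one comparison of two archives that claim to be the same release. The following is an added example, not part of the original thread or of the Fedora review tooling; it uses SHA-256 instead of the md5sum used above, and the function names and the sample archives are constructed for illustration.

```python
import hashlib
import io
import zipfile

def manifest(zip_bytes):
    """Map each regular member of a zip archive to the SHA-256 of its content."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {
            info.filename: hashlib.sha256(zf.read(info)).hexdigest()
            for info in zf.infolist()
            if not info.is_dir()
        }

def compare_archives(packaged, downloaded):
    """Classify how two archives that claim to be the same release differ."""
    a, b = manifest(packaged), manifest(downloaded)
    report = {
        "archive_identical": packaged == downloaded,  # what a whole-file checksum tests
        "only_in_packaged": sorted(a.keys() - b.keys()),
        "only_in_downloaded": sorted(b.keys() - a.keys()),
        "changed": sorted(n for n in a.keys() & b.keys() if a[n] != b[n]),
    }
    if report["changed"] or report["only_in_packaged"]:
        report["verdict"] = "content-differs"    # shared files altered or removed
    elif report["only_in_downloaded"]:
        report["verdict"] = "files-added"        # e.g. translations added after release
    else:
        report["verdict"] = "identical-content"  # only container metadata differs
    return report

def build_zip(files, date_time):
    """Build a constructed sample archive in memory (not real upstream data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(zipfile.ZipInfo(name, date_time=date_time), data)
    return buf.getvalue()

# Constructed sample data: same code, repacked later, then with one extra translation.
BASE = {"modules/EZComments/pnuser.php": b"<?php // user api\n",
        "modules/EZComments/pnlang/eng/common.php": b"<?php // eng\n"}
PACKAGED = build_zip(BASE, (2009, 9, 15, 0, 0, 0))
REPACKED = build_zip(BASE, (2009, 11, 3, 0, 0, 0))
DOWNLOADED = build_zip({**BASE, "modules/EZComments/pnlang/deu/common.php": b"<?php // deu\n"},
                       (2009, 11, 3, 0, 0, 0))

if __name__ == "__main__":
    for label, other in (("repacked", REPACKED), ("downloaded", DOWNLOADED)):
        print(label, compare_archives(PACKAGED, other))
```

A "files-added" or "identical-content" verdict corresponds to the situation in this review, where the archive checksum fails but every shared file matches; "content-differs" is the case that should block the package until upstream explains the change.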

Comment 14 Jon Stanley 2009-11-03 04:48:30 UTC
Lifting FE-LEGAL due to email from upstream included in %doc, as well.

Comment 15 Mel Chua 2009-11-03 06:02:55 UTC
New Package CVS Request
Package Name: zikula-module-EZComments
Short Description: Simple Zikula module that provides comment functions to other modules
Owners: mchua 
Branches: F-11 F-12 EL-5

Comment 16 Kevin Fenzi 2009-11-03 19:13:32 UTC
cvs done.

Comment 17 Paul W. Frields 2010-06-09 20:04:42 UTC
Update: the upstream EZComments maintainers have rewritten the JS in question and licensed it as LGPLv2+.  Also, I found that their release management practices haven't changed, since they just reset the tag for 2.0.0 from their SVN rev724 to rev741 to make that change.

One way to avoid this creating havoc for a reviewer is to add a %zikula_rev global to refer to the actual SVN changeset (which hopefully is singular), and use this URL for downloads instead:


I've put new copies up here, since we have to upgrade to 2.0.0 to fix some known comment problems for Fedora Insight:


I know the package was approved already, but since there's been a lag and the bug is still open, I thought it was worth it to dump the current status here.

Comment 18 Jon Stanley 2010-06-13 05:15:16 UTC
Hmm, not sure why this is still open. Has it been imported yet? CVS was done a while ago, maybe Mel just forgot to close the bug? At any rate, I had a conversation with Simon at FUDCon in December which sort of gives a little bit of sane reasoning to the inclusion of translations in a released tarball (which was my problem in the initial review). The majority of the time, the person doing the translation is someone that requires the translation for a site that they're deploying, and they want instant gratification rather than waiting for someone else to do a release.

That doesn't excuse the practice above, wholesale relicensing and code changes without a version bump - I'm not sure what that's all about.

Comment 19 Paul W. Frields 2010-06-18 16:09:56 UTC
This has been imported now to EL-5.
