Bug 564520 - Review Request: frama-c - Framework for source code analysis of C software
Summary: Review Request: frama-c - Framework for source code analysis of C software
Status: CLOSED DUPLICATE of bug 592579
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: David A. Wheeler
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords:
: 448502 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-02-12 23:38 UTC by Alan Dunn
Modified: 2010-05-15 16:28 UTC (History)
6 users (show)

(edit)
Clone Of:
: 592579 (view as bug list)
(edit)
Last Closed: 2010-05-15 16:28:40 UTC


Attachments (Terms of Use)

Description Alan Dunn 2010-02-12 23:38:01 UTC
Spec URL: https://www.openproofs.org/packages/frama-c/frama-c.spec
SRPM URL: https://www.openproofs.org/packages/frama-c/frama-c-1.4-1.fc12.src.rpm
Description: Frama-C is a suite of tools dedicated to the analysis of the source
code of software written in C.

Frama-C gathers several static analysis techniques in a single
collaborative framework. The collaborative approach of Frama-C allows
static analyzers to build upon the results already computed by other
analyzers in the framework. Thanks to this approach, Frama-C provides
sophisticated tools, such as a slicer and dependency analysis.

Previous discussion of this potential package is at
https://bugzilla.redhat.com/show_bug.cgi?id=448502

Potential issues still remaining:

* The SELinux issue is not yet ironed out.

* I emailed the Fedora legal list (http://lists.fedoraproject.org/pipermail/legal/2010-February/001112.html) about the modifications to the QPL, but have not received any response back yet.

* Upstream naming convention is still non-standard, uses elements of the periodic table instead of version numbers. One possibility is to translate these (Beryllium = 4 => 1.4), but perhaps this is unacceptable. (The correspondence could be noted in the package description.)

* CIL (ocaml-cil) is still re-included as (somewhat significant) modifications were made to the files for Frama-C, these files should not conflict with ocaml-cil.

Builds on my system, rpmlint output as follows:

SPECS/frama-c.spec:109: W: make-check-outside-check-section # make tests | grep --silent "Ok  = 1579 of 1581"

This is because I have disabled the system tests for now. They can be re-enabled by uncommenting this line, but they take a while to execute, so I wasn't quite sure whether it would be worthwhile. I may just try and add exactly one of their tests in just to check that everything is working instead of the whole test suite (which has 1581 tests, 2 of which actually aren't included in the source tarball).

frama-c.src: W: invalid-license QPL with modifications

Licensing issue mentioned above

(Duplicates deleted as the SRPM, specfile, and RPM were all checked)

frama-c.i686: W: unstripped-binary-or-object /usr/bin/frama-c-gui
frama-c.i686: W: unstripped-binary-or-object /usr/lib/frama-c/plugins/Ltl_to_acsl.cmxs
frama-c.i686: W: unstripped-binary-or-object /usr/bin/frama-c
frama-c.i686: W: unstripped-binary-or-object /usr/bin/frama-c.byte
frama-c.i686: W: unstripped-binary-or-object /usr/bin/frama-c-gui.byte

This will require a minor correction, but in general I was encouraged to get this package up for preliminary analysis as quickly as possible.

frama-c-devel.i686: W: no-documentation

I'm not sure this really needs documentation on its own. The main package has documentation.

Mock build will be completed soon, Koji build cannot be done yet as the package will depend on an update that I am about to put out for ocaml-ocamlgraph. (The package can be grabbed here: http://koji.fedoraproject.org/koji/taskinfo?taskID=1976591)

Comment 1 David A. Wheeler 2010-02-13 20:16:09 UTC
Thanks for creating this package!!  I know this was rough to package.  I'll post comments later.

Comment 2 Richard W.M. Jones 2010-02-15 11:37:57 UTC
*** Bug 448502 has been marked as a duplicate of this bug. ***

Comment 3 David A. Wheeler 2010-02-15 15:22:49 UTC
It didn't build for me on Fedora 12 x86_64, with error:
  /usr/bin/ld: cannot find -lgtksourceview-1.0
You need to add this to the spec:
 BuildRequires: gtksourceview-devel

Comment 4 David A. Wheeler 2010-02-15 18:28:06 UTC
Here are some initial comments from reading the .spec file:

* Thanks for working out the complicated licensing situation.
  Hopefully Fedora legal will reply soon re: QPL with modifications.

* I suggest emailing Medhi Dogguy re: the Debian patches, and then
  changing the comments to document with certainty the decisions. E.G.:
  # This seems to apply for us as well, keeping Debian filename
  should be (once you've confirmed):
  # This applies to us as well...

  # I don't know why we would want to use that Jessie -> not including this patch
  should be:
   # We won't embed Jessie, but will instead use the Jessie supplied by the Why package

  # I'm not sure quite what this patch does, but I'm going to leave it out for now
  :-).

  # I didn't see any Fedora package providing the files that this patch
  # references -> dropping for now
  I don't have the patch you dropped, but it's worth noting that Fedora 12 provides
  packages named gtksourceview *and* gtksourceview2, as well as their -devel packages.
  Are these what you're looking for?

  In general, I know that people prefer relatively few lines in .spec files.

* You need to rename this source (patch) file:
   0001-Fix-weak-pattern-matching-in-dynlink_lower_311_byte..patch
   First, the ".." should be ".", and the prefix should be %{name}-%{version}-
   so that multiple simultaneous builds in the same SOURCE directory
   won't cause trouble.

* You should have a brief "why you need this" comment above:
  %if 0%{?fedora} >= 13
  Patch2: frama-c-1.4-ptests-fix-for-ocaml-3.11.2.patch 
  %endif

* As I noted earlier, you need gtksourceview-devel as a BuildRequires,
  or the build may fail.

* You use a macro here inside a comment, which will trigger a warning:
  # %check
  # make ptests %{frama-c_make_options}
  # make oracles %{frama-c_make_options}

  I suggest using "with" to make these disabled by default, but enable-able. E.G.:
  %if %{with lengthy-tests}
  %check
  make ptests %{frama-c_make_options}
  make oracles %{frama-c_make_options}
  %endif

  It'd be even better if you had at least a few tests run even without enabling "lengthy-tests",
  but this would at least make it easy to enable the lengthy test and would eliminate rpmlint complaints.

* The package includes over 20M of documentation; I think the documentation
   should be in a separate subpackage.

* It starts with "# Some ideas for this spec file taken from a prior attempt by Richard W. M. Jones"
  I think it's great to give credit, but you might consider moving that to the bottom as part of the comments
  in the ChangeLog.  Not a requirement.

Comment 5 David A. Wheeler 2010-02-15 18:51:22 UTC
Regarding the upstream version naming convention... I agree with you, the upstream naming convention is awful (e.g., "Beryllium").  This is an odd duck, and I'd like to hear others' comments.

I looked over the Fedora policy, here, on version numbers:
http://fedoraproject.org/wiki/Packaging/NamingGuidelines#Package_Version
The policy focuses on the situations where non-numeric version identifiers are Pre-release packages (e.g., "alpha"), Post-release packages (e.g., "1.3a"), snapshots, and Jpackage-derived packages.  None of these situations applies.  In this case, we have a group that gives alphabetic names to versions, and you'd have to know the periodic table to know which is newer.

We *could* use a YYYYMMDD system, but that is a little awkward.

Translating the element names into their numeric atomic number (number of protons) isn't a bad idea at all, but I think you should use "0." as the prefix instead of "1.".  This means that Beryllium would become "0.4".  That way, if they switch to a more conventional version numbering system in the future, we can switch to it without using epochs.  In addition, I think you should add the word "beryllium" to the release name, so that people can easily figure out which one they have.

I'd be curious to hear others' thoughts on version/release naming.

Comment 6 Richard W.M. Jones 2010-02-15 18:55:24 UTC
Agreed re comment 5.

Comment 7 David A. Wheeler 2010-02-16 01:10:39 UTC
Note: The latest version of Frama-C is actually "Beryllium 2".  If we switch to using numeric version numbering beginning with "0.", then I think "Beryllium 2" should translate to version number "0.4.2".

Comment 8 David A. Wheeler 2010-02-16 02:00:48 UTC
Note: Fedora packages Why version 2.23, not Why version 2.21.
That's not a problem, in fact, that's a GOOD thing
(Why version 2.23 has many more capabilities).
However, it means that the Frama-C documentation for
Jessie does NOT work as-is, because they changed a default setting in
Why's Jessie.

So, what's changed?
As of Why version 2.22, Jessie now requires proof of
termination by default.  This is a good change, because the previous
semantics were tripping people up.  The newer versions of Why also
have FAR better support for termination proofs (since they made it the
default, they suddenly had to support it better :-) ).
However, since it no longer works as-is with the included docs, there
should be SOMETHING in the package that documents this change.

So I recommend including a file with the following content, or something
like it, as a %doc.   Call it "frama-c-1.4.why-changes.txt" or
something like it:

============================================================
Note that when Frama-C is used with Why version 2.22 or greater, there
is an important change in the semantics of Jessie.

In Why version 2.21's Jessie component, by default you did NOT need
to prove termination.  This resulted in some surprises and problems for users.
Thus, starting in Why version 2.22, Jessie requires proof of
termination by default.

As a result, many of the examples in the Frama-C Beryllium documentation
for Jessie do not work as-is, because they
don't include termination information.  For more information, see:
http://lists.gforge.inria.fr/pipermail/frama-c-discuss/2010-January/001736.html

For example, the Jessie tutorial section 2.2 needs to have a "loop variant"
added.  What's more, this MUST be added using
the /*@...*/ form NOT the //@ forms (you can't have adjacent //@ forms).
Here is what the updated example in section 2.2 looks like:

/*@ lemma mean: \forall integer x, y; x <= y ==> x <= (x+y)/2 <= y; */

//@ requires n >= 0 && \valid_range(t,0,n-1);
int binary_search(int* t, int n, int v) {
  int l = 0, u = n-1, p = -1;
  /*@ loop invariant 0 <= l && u <= n-1;
    @ loop variant u-l; */
  while (l <= u ) {
    int m = l + (u - l) / 2; // NOTE this is changed for bounded calculation
    if (t[m] < v)
      l = m + 1;
    else if (t[m] > v)
      u = m - 1;
    else {
      p = m; break;
    }
  }
  return p;
}

Comment 9 David A. Wheeler 2010-02-16 21:09:31 UTC
I've started to walk through the Fedora Guidelines and comparing with this draft package.  Here are some more comments.

The %files list isn't right.  It ends with:
 %exclude %{_datadir}/frama-c
which makes these lines pointless:
 %{_datadir}/frama-c/why
 %{_datadir}/frama-c/manuals
Basically, %{_datadir}/frama-c/why and ../manuals don't get packaged at all.
The file list in -devel don't look right at all to me; they look like examples
but NOT code necessary for developers depending on frama-c.
(See http://fedoraproject.org/wiki/Packaging:OCaml for more on OCaml -devel packages.)
I suggest re-examining the %files list, so that they get split more cleanly
*AND* so that there's a -doc subpackage.

Strictly speaking, what you're packaging is "Frama-C Beryllium 2" not "Beryllium".

This package contains a GUI, so there should be a .desktop file.

The Makefile uses "$(CP)" everywhere, but its definition (in share/Makefile.common) doesn't preserve timestamps (this impacts the 'make install' in the -devel package in particular).  You need to try to preserve timestamps.  One way would be to modify share/Makefile.common so that:
 CP      = cp -f
becomes:
 CP      = cp -f --preserve=timestamps


Have you tried passing the SMP flags, e.g.:
  make %{?_smp_mflags}
if that FAILS, then that should be documented, otherwise you should try to build using SMP.


Thanks for working on this package, I really appreciate it.

Comment 10 Alan Dunn 2010-02-17 01:34:05 UTC
(In reply to comment #5)
> Regarding the upstream version naming convention... I agree with you, the
> upstream naming convention is awful (e.g., "Beryllium").  This is an odd duck,
> and I'd like to hear others' comments.
> 
> I looked over the Fedora policy, here, on version numbers:
> http://fedoraproject.org/wiki/Packaging/NamingGuidelines#Package_Version
> The policy focuses on the situations where non-numeric version identifiers are
> Pre-release packages (e.g., "alpha"), Post-release packages (e.g., "1.3a"),
> snapshots, and Jpackage-derived packages.  None of these situations applies. 
> In this case, we have a group that gives alphabetic names to versions, and
> you'd have to know the periodic table to know which is newer.
> 
> We *could* use a YYYYMMDD system, but that is a little awkward.
> 
> Translating the element names into their numeric atomic number (number of
> protons) isn't a bad idea at all, but I think you should use "0." as the prefix
> instead of "1.".  This means that Beryllium would become "0.4".  That way, if
> they switch to a more conventional version numbering system in the future, we
> can switch to it without using epochs.  In addition, I think you should add the
> word "beryllium" to the release name, so that people can easily figure out
> which one they have.
> 
> I'd be curious to hear others' thoughts on version/release naming.    

So, to clarify, you're suggesting a release of something like "2.beryllium"? (The other way around would affect EVR comparisons, no?)

Comment 11 Alan Dunn 2010-02-17 01:54:38 UTC
(In reply to comment #9)
> I've started to walk through the Fedora Guidelines and comparing with this
> draft package.  Here are some more comments.
> 
> The %files list isn't right.  It ends with:
>  %exclude %{_datadir}/frama-c

That is a mistake on my part.

> which makes these lines pointless:
>  %{_datadir}/frama-c/why
>  %{_datadir}/frama-c/manuals
> Basically, %{_datadir}/frama-c/why and ../manuals don't get packaged at all.
> The file list in -devel don't look right at all to me; they look like examples
> but NOT code necessary for developers depending on frama-c.
> (See http://fedoraproject.org/wiki/Packaging:OCaml for more on OCaml -devel
> packages.)
> I suggest re-examining the %files list, so that they get split more cleanly
> *AND* so that there's a -doc subpackage.

What I wanted to put in there was the code that is necessary to compile plugins with Frama-C. At minimum, the Makefiles in that group are necessary, and I thought that the extra files in there were necessary for plugin compilation, but this appears to be untrue - I will need to re-examine exactly what is necessary for plugin compilation. (It may well be more of the files as in a conventional OCaml package, but to begin with I purposely did not package this like an OCaml library because I thought one would not need some of the Frama-C files.)

I suppose the documentation is large enough to require a doc package.

> Strictly speaking, what you're packaging is "Frama-C Beryllium 2" not
> "Beryllium".

True.

> This package contains a GUI, so there should be a .desktop file.

Also true.

> The Makefile uses "$(CP)" everywhere, but its definition (in
> share/Makefile.common) doesn't preserve timestamps (this impacts the 'make
> install' in the -devel package in particular).  You need to try to preserve
> timestamps.  One way would be to modify share/Makefile.common so that:
>  CP      = cp -f
> becomes:
>  CP      = cp -f --preserve=timestamps
>
> Have you tried passing the SMP flags, e.g.:
>   make %{?_smp_mflags}
> if that FAILS, then that should be documented, otherwise you should try to
> build using SMP.

I'll make these last two changes as well.

Comment 12 David A. Wheeler 2010-02-18 03:34:04 UTC
(In reply to comment #10)

The basic question is how to convert the version name "Beryllium 2" into something reasonable.  Sorry to have such a long conversation about version/release id's, but upstream's version naming convention is hideous and it's not directly covered by the Fedora guidelines.  Anyway, I looked at this for some guidance:
http://fedoraproject.org/wiki/Packaging/NamingGuidelines#Package_Version

Since Beryllium has atomic number 4, this is subrelease 2 of the Beryllium version, and we should prefix with "0." (see comment #5 and comment #6), then I think we should have:
 Version: 0.4.2

We could have a perfectly reasonable 'release' value like this, since 0.4.2 would uniquely map to Beryllium 2:
 Release: 1%{?dist}
Having a simple 'release' value has its own virtues, and that'd be quite reasonable.

However, what I was thinking was that many people might not understand that version "0.4.2" was the same thing as "Beryllium 2" (unless they look up our translation gimmick).   The "Release" value is where nonnumeric version id's hide, so I was thinking that we might use the Release field to provide that info to users.  E.G., perhaps something like this for Beryllium 2:
 Release: 1.beryllium.2%{?dist}

Then the initial release number would be incremented for each new package release of Beryllium 2.

Does that sound reasonable?  Comments, anyone?

Comment 13 Alan Dunn 2010-02-22 04:53:38 UTC
(In reply to comment #12)
> (In reply to comment #10)
> 
> The basic question is how to convert the version name "Beryllium 2" into
> something reasonable.  Sorry to have such a long conversation about
> version/release id's, but upstream's version naming convention is hideous and
> it's not directly covered by the Fedora guidelines.  Anyway, I looked at this
> for some guidance:
> http://fedoraproject.org/wiki/Packaging/NamingGuidelines#Package_Version
> 
> Since Beryllium has atomic number 4, this is subrelease 2 of the Beryllium
> version, and we should prefix with "0." (see comment #5 and comment #6), then I
> think we should have:
>  Version: 0.4.2
> 
> We could have a perfectly reasonable 'release' value like this, since 0.4.2
> would uniquely map to Beryllium 2:
>  Release: 1%{?dist}
> Having a simple 'release' value has its own virtues, and that'd be quite
> reasonable.
> 
> However, what I was thinking was that many people might not understand that
> version "0.4.2" was the same thing as "Beryllium 2" (unless they look up our
> translation gimmick).   The "Release" value is where nonnumeric version id's
> hide, so I was thinking that we might use the Release field to provide that
> info to users.  E.G., perhaps something like this for Beryllium 2:
>  Release: 1.beryllium.2%{?dist}
> 
> Then the initial release number would be incremented for each new package
> release of Beryllium 2.
> 
> Does that sound reasonable?  Comments, anyone?    

Sounds fine to me. I've gone some of the distance toward making the revisions you wanted. New SRPM at

https://www.openproofs.org/packages/frama-c/frama-c-0.4.2-1.Beryllium.2.fc12.src.rpm

(spec file location is the same)

Changes made:
- Now has a doc subpackage, desktop file
- Version name changed
- cp timestamps modification
- Added short tests/long tests option (short tests is default unless "with lengthy_tests")
- Patch rename and justification as above
- Builds in Koji (http://koji.fedoraproject.org/koji/taskinfo?taskID=2004214) thanks to fixed BuildRequires

Still to do:
- Talk to Medhi Dogguy about functionality of some of the patches
- Get word from Fedora Legal
- SELinux issues
- Repackage -devel subpackage (exact contents necessary still unknown...)
- SMP flags

Comment 14 David A. Wheeler 2010-02-22 13:31:35 UTC
Congrats on making progress...!

> Still to do...
>- SELinux issues
>- Repackage -devel subpackage (exact contents necessary still unknown...)
>- SMP flags 

Do you need help on any of this?  If you do, what help do you need?

Comment 15 Mark Rader 2010-04-24 18:34:40 UTC
I will be taking over the package from Allan Dunn in the next week.  I will post it when the takeover is completed and I will submit it as a new bug report.

Comment 16 Richard W.M. Jones 2010-04-26 08:09:01 UTC
No need for a new bug, just post an update here.

Comment 17 Pascal Cuoq 2010-04-27 12:31:58 UTC
Regarding the SELinux, that I understand to be related to dynamic loading in OCaml, Frama-C's only fault is to be the first packaged OCaml program that uses dynamic loading. If something can be done to have OCaml produce dynamically linkable code that satisfies SELinux, it should be done at the level of the compiler.
Assuming dynamic loading is the problem, the issue can be worked around with ./configure -with-all-static. But then there will be a monolithic executable, and that may not be the way you would like to package it.

I would also urge you NOT to invent a new numbering scheme for versions. "Boron", "Beryllium 2", etc... are nicknames with no numerical significance. The next release could be named "Steel". There is already a version number for the last release, and this number is 20100401. If you were looking for major and minor numbers indicating compatibility, please consider that every release is a new major release. There has never been a Frama-C release that was compatible with a previous version and the next one won't be either, trust me.

Comment 18 Mark Rader 2010-04-30 00:37:57 UTC
Well I got the package to build successfully and build the SRPMS, and RPMS.  I have used the rpmlint tool on all of the packages with the following result.

rpmlint frama-c.spec ../RPMS/x86_64/frama-c-1.4-1.fc12.x86_64.rpm ../RPMS/x86_64/frama-c-devel-1.4-1.fc12.x86_64.rpm ../SRPMS/frama-c-1.4-1.fc12.src.rpm

frama-c.spec:111: W: make-check-outside-check-section # make tests | grep --silent "Ok  = 1579 of 1581"

frama-c.x86_64: W: invalid-license QPL with modifications

frama-c.x86_64: W: unstripped-binary-or-object /usr/bin/frama-c
frama-c.x86_64: W: unstripped-binary-or-object /usr/bin/frama-c-gui
frama-c.x86_64: W: unstripped-binary-or-object /usr/bin/frama-c.byte
frama-c.x86_64: W: unstripped-binary-or-object /usr/bin/frama-c-gui.byte
frama-c.x86_64: W: unstripped-binary-or-object /usr/lib64/frama-c/plugins/Ltl_to_acsl.cmxs

frama-c-devel.x86_64: W: spelling-error %description -l en_US plugins -> plug ins, plug-ins, plugging

frama-c-devel.x86_64: W: invalid-license QPL with modifications
frama-c-devel.x86_64: W: no-documentation

frama-c.src: W: invalid-license QPL with modifications
frama-c.src:111: W: make-check-outside-check-section # make tests | grep --silent "Ok  = 1579 of 1581"

The first warning should be easy to fix and that should also fix the last warning.  We need to check out the license issues so that should help.  Does anyone have an idea what the stripped-binary-or-object error is caused by and how to fix it, or is it even an issue.

Comment 19 Mark Rader 2010-04-30 01:04:43 UTC
I checked ou the invalid license issue.  The QPL license with modifications are included with the source.  The modifications are as follows:

"As a special exception to the Q Public Licence, you may develop
application programs, reusable components and other software items
that link with the original or modified versions of the Generator
and are not made available to the general public, without any of the
additional requirements listed in clause 6c of the Q Public licence.

As a special exception to the GNU Library General Public License, you
may link, statically or dynamically, a "work that uses the Library"
with a publicly distributed version of the Library to produce an
executable file containing portions of the Library, and distribute
that executable file under terms of your choice, without any of the
additional requirements listed in clause 6 of the GNU Library General
Public License.  By "a publicly distributed version of the Library",
we mean either the unmodified Library as distributed by INRIA, or a
modified version of the Library that is distributed under the
conditions defined in clause 3 of the GNU Library General Public
License.  This exception does not however invalidate any other reasons
why the executable file might be covered by the GNU Library General
Public License."

So I don't see this as an issue.  QPL seems to generally be the same as GPL and this allows for the base use of the library that will not be publicly released.

Comment 20 Richard W.M. Jones 2010-04-30 07:23:11 UTC
Adding exceptions to a license is fine.  It allows people to do more things
(make the license more towards BSD).

Have you tried stripping the executables that rpmlint complains about?
Make sure they still run after they've been stripped though.

Comment 21 Mark Rader 2010-04-30 12:57:47 UTC
As an update:

I have fixed the following:
frama-c.spec:111: W: make-check-outside-check-section # make tests | grep
--silent "Ok  = 1579 of 1581"

From reading the license and the comment above:
frama-c-devel.x86_64: W: invalid-license QPL with modifications
This does not appear to be an issue.

This error:
frama-c-devel.x86_64: W: spelling-error %description -l en_US plugins -> plug
ins, plug-ins, plugging
appears to be minor and more of annoyance.  I can not find anything relating to this in the .spec file or in the source code.

As for the error unstripped-binary-or-object messages, I talked with David Wheeler and the problem may be with an inproper stripping rather than the binaries not being stripped.  I am not sure if this is actually necessary.

Comment 22 Mark Rader 2010-05-01 13:34:17 UTC
All

The latest rpmlint output is as follows:

rpmlint frama-c.spec ../RPMS/x86_64/frama-c-1.4-1.fc12.x86_64.rpm ../RPMS/x86_64/frama-c-devel-1.4-1.fc12.x86_64.rpm ../SRPMS/frama-c-1.4-1.fc12.src.rpm 

frama-c.x86_64: W: invalid-license QPL with modifications
frama-c.x86_64: W: unstripped-binary-or-object /usr/bin/frama-c.byte
frama-c.x86_64: W: unstripped-binary-or-object /usr/bin/frama-c-gui.byte
frama-c.x86_64: W: unstripped-binary-or-object /usr/lib64/frama-c/plugins/Ltl_to_acsl.cmxs

frama-c-devel.x86_64: W: invalid-license QPL with modifications
frama-c-devel.x86_64: W: no-documentation

frama-c.src: W: invalid-license QPL with modifications

3 packages and 1 specfiles checked; 0 errors, 7 warnings

As stated before the QPL modifications do not seem to be an issue.  They just make the license less restrictive.  I have the code stripping two of the binaries but the unstripped binarys appear to be libraries especially the last one.  I will post the latest update to the package this weekend.

Comment 23 Mark Rader 2010-05-02 01:29:34 UTC
Spec URL: http://tpath3.dnsalias.net/openproofs/frama-c.spec
SRPM URL:
http://tpath3.dnsalias.net/openproofs/frama-c-1.4-1.fc12.src.rpm
RPM URL:
http://tpath3.dnsalias.net/openproofs/frama-c-1.4-1.fc12.x86_64.rpm

Description: Frama-C is a suite of tools dedicated to the analysis of the
source
code of software written in C.

Frama-C gathers several static analysis techniques in a single
collaborative framework. The collaborative approach of Frama-C allows
static analyzers to build upon the results already computed by other
analyzers in the framework. Thanks to this approach, Frama-C provides
sophisticated tools, such as a slicer and dependency analysis.

There are 6 warnings.  3 deal with the QPL License with exceptions.  3 deal with unstripped binaries.  At least one of the binaries is a loadable library and can not be stripped.  I suspect the other two also.

Comment 24 Mark Rader 2010-05-03 23:35:20 UTC
I updated the installation and now it adds the frama-c specific library to the selinux database.  So that I need to find out how, at installation time to require a helper package, graphviz-dev,  this is not required for compile only to run certain functions?  It is ready for someone to start examining.

Comment 25 Richard W.M. Jones 2010-05-04 09:29:03 UTC
(In reply to comment #24)
> It is ready for someone to start examining.    

This won't just happen by magic.  You need to negotiate with
someone to get them to do a review, perhaps involving swapping
one of their reviews for this one.  Ask about it on one of the Fedora
general development mailing lists.

Comment 26 Mark Rader 2010-05-09 13:53:25 UTC
(In reply to comment #25)
> (In reply to comment #24)
> > It is ready for someone to start examining.    
> 
> This won't just happen by magic.  You need to negotiate with
> someone to get them to do a review, perhaps involving swapping
> one of their reviews for this one.  Ask about it on one of the Fedora
> general development mailing lists.    

Which one would you recommend?

Comment 28 Richard W.M. Jones 2010-05-09 15:10:43 UTC
I suggest you follow up to that email and offer to swap a review with
someone.  It's good as well because you'll get practice doing reviews.

Comment 29 Mark Rader 2010-05-15 14:26:31 UTC
I have created a new bug report so that I can edit settings and obtain sponsorship.  The new bug is:

https://bugzilla.redhat.com/show_bug.cgi?id=592579

Comment 30 Richard W.M. Jones 2010-05-15 16:28:40 UTC

*** This bug has been marked as a duplicate of bug 592579 ***


Note You need to log in before you can comment on or make changes to this bug.