Spec URL: http://ke4qqq.fedorapeople.org/php-phpcaptcha.spec SRPM URL: http://ke4qqq.fedorapeople.org/php-phpcaptcha-2.0.1-0.1.beta.fc12.src.rpm Description: Securimage is an open-source free PHP CAPTCHA script for generating complex images and CAPTCHA codes to protect forms from spam and abuse. It can be easily added into existing forms on your website to provide protection from spam bots. It can run on most any webserver as long as you have PHP installed, and GD support within PHP. Securimage does everything from generating the CAPTCHA images to validating the typed code. Audible codes can be streamed to the browser with Flash for the vision impaired.
Legend: + - Ok. - - Error. +/- - It item acceptable, but I strongly recommend enhancement. = - N/A. MUST Items [+] MUST: rpmlint must be run on every package. The output should be posted in the review. $ rpmlint * php-phpcaptcha.src: W: spelling-error Summary(en_US) Securimage -> Security, Secularism, Secularize php-phpcaptcha.src: W: spelling-error Summary(en_US) captcha -> capt cha, capt-cha, captain php-phpcaptcha.src: W: spelling-error %description -l en_US Securimage -> Security, Secularism, Secularize php-phpcaptcha.src: W: spelling-error %description -l en_US webserver -> web server, web-server, observer php-phpcaptcha.src: W: invalid-url Source0: phpcaptcha-2.0.1.beta.tar.gz php-phpcaptcha.noarch: W: spelling-error Summary(en_US) Securimage -> Security, Secularism, Secularize php-phpcaptcha.noarch: W: spelling-error Summary(en_US) captcha -> capt cha, capt-cha, captain php-phpcaptcha.noarch: W: spelling-error %description -l en_US Securimage -> Security, Secularism, Secularize php-phpcaptcha.noarch: W: spelling-error %description -l en_US webserver -> web server, web-server, observer php-phpcaptcha.spec: W: invalid-url Source0: phpcaptcha-2.0.1.beta.tar.gz 2 packages and 1 specfiles checked; 0 errors, 10 warnings. Spelling errors may be ignored. About source URL I had seen comment in spec and accept it. But I strongly recommend contact to authors with ask add versioned URLs. [+] MUST: The package must be named according to the Package Naming Guidelines. [+] MUST: The spec file name must match the base package %{name}, in the format %{name}.spec unless your package has an exemption. [-] MUST: The package must meet the Packaging Guidelines. 1) Package contain font automatic.gdf it is not allowed: http://fedoraproject.org/wiki/Packaging/Guidelines#Avoid_bundling_of_fonts_in_other_packages [-] MUST: The package must be licensed with a Fedora approved license and meet the Licensing Guidelines. 1) Package contain many .mp3 files which is strongly prohibided - http://fedoraproject.org/wiki/Packaging/Guidelines#Code_Vs_Content 2) Also there binary .swf file - securimage_play.swf If package usable without it - they may be deleted in %prep stage. Or tarball even can be repackaged. [+] MUST: The License field in the package spec file must match the actual license. [+] MUST: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package must be included in %doc. [+] MUST: The spec file must be written in American English. [+] MUST: The spec file for the package MUST be legible. [+/-] MUST: The sources used to build the package must match the upstream source, as provided in the spec URL. Reviewers should use md5sum for this task. If no upstream URL can be specified for this package, please see the Source URL Guidelines for how to deal with this. $ md5sum phpcaptcha-2.0.1.beta.tar.gz_RPM latest.tar.gz 7b35392f31012ec312247b3cbc59f878 phpcaptcha-2.0.1.beta.tar.gz_RPM 7b35392f31012ec312247b3cbc59f878 latest.tar.gz As I recommend bbefore - please contact upstream author about this issue. [+] MUST: The package MUST successfully compile and build into binary rpms on at least one primary architecture. [=] MUST: If the package does not successfully compile, build or work on an architecture, then those architectures should be listed in the spec in ExcludeArch. Each architecture listed in ExcludeArch MUST have a bug filed in bugzilla, describing the reason that the package does not compile/build/work on that architecture. The bug number MUST be placed in a comment, next to the corresponding ExcludeArch line. [=] MUST: All build dependencies must be listed in BuildRequires, except for any that are listed in the exceptions section of the Packaging Guidelines ; inclusion of those as BuildRequires is optional. Apply common sense. [=] MUST: The spec file MUST handle locales properly. This is done by using the %find_lang macro. Using %{_datadir}/locale/* is strictly forbidden. [=] MUST: Every binary RPM package (or subpackage) which stores shared library files (not just symlinks) in any of the dynamic linker's default paths, must call ldconfig in %post and %postun. [=] MUST: Packages must NOT bundle copies of system libraries. [=] MUST: If the package is designed to be relocatable, the packager must state this fact in the request for review, along with the rationalization for relocation of that specific package. Without this, use of Prefix: /usr is considered a blocker. [+] MUST: A package must own all directories that it creates. If it does not create a directory that it uses, then it should require a package which does create that directory. [+] MUST: A Fedora package must not list a file more than once in the spec file's %files listings. [+] MUST: Permissions on files must be set properly. Executables should be set with executable permissions, for example. Every %files section must include a %defattr(...) line. [+] MUST: Each package must have a %clean section, which contains rm -rf %{buildroot} (or $RPM_BUILD_ROOT). [+] MUST: Each package must consistently use macros. [=] MUST: Large documentation files must go in a -doc subpackage. (The definition of large is left up to the packager's best judgement, but is not restricted to size. Large can refer to either size or quantity). [+] MUST: If a package includes something as %doc, it must not affect the runtime of the application. To summarize: If it is in %doc, the program must run properly if it is not present. [=] MUST: Header files must be in a -devel package. [=] MUST: Static libraries must be in a -static package. [=] MUST: Packages containing pkgconfig(.pc) files must 'Requires: pkgconfig' (for directory ownership and usability). [=] MUST: If a package contains library files with a suffix (e.g. libfoo.so.1.1), then library files that end in .so (without suffix) must go in a -devel package. [=] MUST: In the vast majority of cases, devel packages must require the base package using a fully versioned dependency: Requires: %{name} = %{version}-%{release} [=] MUST: Packages must NOT contain any .la libtool archives, these must be removed in the spec if they are built. [=] MUST: Packages containing GUI applications must include a %{name}.desktop file, and that file must be properly installed with desktop-file-install in the %install section. If you feel that your packaged GUI application does not need a .desktop file, you must put a comment in the spec file with your explanation. [+] MUST: Packages must not own files or directories already owned by other packages. The rule of thumb here is that the first package to be installed should own the files or directories that other packages may rely upon. This means, for example, that no package in Fedora should ever share ownership with any of the files or directories owned by the filesystem or man package. If you feel that you have a good reason to own a file or directory that another package owns, then please present that at package review time. [+] MUST: At the beginning of %install, each package MUST run rm -rf %{buildroot} (or $RPM_BUILD_ROOT). [+] MUST: All filenames in rpm packages must be valid UTF-8. SHOULD Items: [=] SHOULD: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [=] SHOULD: The description and summary sections in the package spec file should contain translations for supported Non-English languages, if available. [+] SHOULD: The package should compile and build into binary rpms on all supported architectures. http://koji.fedoraproject.org/koji/taskinfo?taskID=2425720 [+] SHOULD: The reviewer should test that the package functions as described. A package should not segfault instead of running, for example. [=] SHOULD: If scriptlets are used, those scriptlets must be sane. This is vague, and left up to the reviewers judgement to determine sanity. [=] SHOULD: Usually, subpackages other than devel should require the base package using a fully versioned dependency. [=] SHOULD: The placement of pkgconfig(.pc) files depends on their usecase, and this is usually for development purposes, so should be placed in a -devel pkg. A reasonable exception is that the main pkg itself is a devel tool not installed in a user runtime, e.g. gcc or gdb. [=] SHOULD: If the package has file dependencies outside of /etc, /bin, /sbin, /usr/bin, or /usr/sbin consider requiring the package which provides the file instead of the file itself. Conclusion: Main trouble with permission content now.
Pavel: Thanks for the review - I am evaluating (and contacting upstream) to see whether these issues can be sanely resolved. I didn't want to give the impression I was ignoring the review.
ping?
David, do you plan continue? I'll drop assignment as reviewer in next week.
This is an automatic check from review-stats script. This review request ticket hasn't been updated for some time, but it seems that the review is still being working out by you. If this is right, please respond to this comment clearing the NEEDINFO flag and try to reach out the submitter to proceed with the review. If you're not interested in reviewing this ticket anymore, please clear the fedora-review flag and reset the assignee, so that a new reviewer can take this ticket. Without any reply, this request will shortly be resetted.
This is an automatic action taken by review-stats script. The ticket reviewer failed to clear the NEEDINFO flag in a month. As per https://fedoraproject.org/wiki/Policy_for_stalled_package_reviews we reset the status and the assignee of this ticket.
This review request is really old. If you still want to include this package in Fedora, please clear the needinfo tag and explain how intend to continue. Otherwise, just leave the tag in place and this request should be automatically closed in a month.
This is an automatic action taken by review-stats script. The ticket submitter failed to clear the NEEDINFO flag in a month. As per https://fedoraproject.org/wiki/Policy_for_stalled_package_reviews we consider this ticket as DEADREVIEW and proceed to close it.