Dear members, please could you review this package to check its suitability for the Fedora Project? W3AF is a Web Application Attack and Audit Framework. The W3AF core and its plug-ins are fully written in Python. The project has more than 130 plug-ins, which check for SQL injection, cross-site scripting (XSS), local and remote file inclusion and much more. SPEC Url: http://rebus.webz.cz/d/w3af.spec SRPM Url: http://rebus.webz.cz/d/w3af-1.0-0.1.rc3.fc12.src.rpm Best regards, Michal Ambroz
While this package has a security relevance, the Security keyword is for security flaws. I'm removing the keyword. Thanks for adding this, it should prove useful.
This will be a long run, I guess. http://lists.fedoraproject.org/pipermail/legal/2010-April/001213.html Tom "spot" Callaway pointed out that the package as it is could be complicated from the licensing point of view. GPLv2 is incompatible with GPLv3. Any help with review/comments/suggestions/packing dependencies is welcome.
Some issues I found at first sight:
1) The manpage does not need to be gzipped manually; this is done automatically by rpm.
2) The complex License tag should have a comment explaining why it is that complicated.
3) For the locales, find-lang.sh should be used (see package guidelines).
4) The correct SF.net download URL is downloads.sourceforge.net/%{name}/%{name}-1.0-rc3.tar.bz2 iirc (see Source guidelines).
5) The patches need comments explaining why they are not upstreamable or, if they are, what their upstream status is, e.g. a pointer to the upstream tracker with the patch would be good. And please add a date to these comments.
If you need detailed URLs to the mentioned guidelines, please ask and I will provide them. And please provide links to unofficial reviews you performed, if you did some.
Were the licensing issues ever clarified? Any response to Till's commentary above? At this point few people will spend time looking at this ticket if you don't respond to existing commentary.