Spec URL: http://goldmann.fedorapeople.org/package_review/hibernate-commons-annotations.spec SRPM URL: http://goldmann.fedorapeople.org/package_review/hibernate-commons-annotations-3.2.0-1.fc15.src.rpm Description: Following the DRY (Don't Repeat Yourself) principle, Hibernate Validator let's you express your domain constraints once (and only once) and ensure their compliance at various level of your system automatically. Common reflection code used in support of annotation processing. Koji scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=3086870
Updated files: Spec URL: http://goldmann.fedorapeople.org/package_review/hibernate-commons-annotations.spec SRPM URL: http://goldmann.fedorapeople.org/package_review/hibernate-commons-annotations-3.2.0-2.fc15.src.rpm %changelog * Mon May 23 2011 Marek Goldmann <mgoldman> 3.2.0-2 - Moved to hibernate subdirectory
Hi. I'm gonna do the review.
Package Review ============== Key: - = N/A x = Check ! = Problem ? = Not evaluated === REQUIRED ITEMS === [x] Rpmlint output: $ rpmlint hibernate-commons-annotations-3.2.0-2.fc14.noarch.rpm hibernate-commons-annotations.noarch: W: invalid-url URL: http://www.hibernate.org/ HTTP Error 403: Forbidden hibernate-commons-annotations.noarch: W: non-conffile-in-etc /etc/maven/fragments/hibernate-commons-annotations 1 packages and 0 specfiles checked; 0 errors, 2 warnings. $ rpmlint hibernate-commons-annotations-javadoc-3.2.0-2.fc14.noarch.rpm hibernate-commons-annotations-javadoc.noarch: W: spelling-error Summary(en_US) Javadocs -> Java docs, Java-docs, Javanese hibernate-commons-annotations-javadoc.noarch: W: invalid-url URL: http://www.hibernate.org/ HTTP Error 403: Forbidden 1 packages and 0 specfiles checked; 0 errors, 2 warnings. $ rpmlint hibernate-commons-annotations-3.2.0-2.fc14.src.rpm hibernate-commons-annotations.src: W: invalid-url URL: http://www.hibernate.org/ HTTP Error 403: Forbidden hibernate-commons-annotations.src: W: invalid-url Source0: hibernate-commons-annotations-3.2.0.Final.tar.gz 1 packages and 0 specfiles checked; 0 errors, 2 warnings. NOTE: URL is accessible. [x] Package is named according to the Package Naming Guidelines[1]. [x] Spec file name must match the base package name, in the format %{name}.spec. [x] Package meets the Packaging Guidelines[2]. [x] Package successfully compiles and builds into binary rpms. [x] Buildroot definition is not present [x] Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines[3,4]. [!] License field in the package spec file matches the actual license. License type: LGPLv2+ The license statement contained in the source file headers matches neither the LGPLv2+ nor the LGPLv2 statement exactly. The license version is missing at all and the plus sign usually indicates a presence of the "or any later version" clause in the statement. At the moment I'm waiting for the fedora-legal answer confirming, if the license can be considered a LGPLv2 compatible. Recommendation : Contact upstream in order to clarify that. [-] If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %doc. [x] All independent sub-packages have license of their own [x] Spec file is legible and written in American English. [x] Sources used to build the package matches the upstream source, as provided in the spec URL. MD5SUM this package : 0fa977770b40e49f372216fd63d1e60b (size 34028 bytes) MD5SUM upstream package : not relevant -> svn export NOTE: directory diff was empty -> sources match [x] All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines[5]. [x] Package must own all directories that it creates. [-] Package requires other packages for directories it uses. [x] Package does not contain duplicates in %files. [x] Permissions on files are set properly. [x] Package does NOT have a %clean section which contains rm -rf %{buildroot} (or $RPM_BUILD_ROOT). (not needed anymore) [x] Package consistently uses macros (no %{buildroot} and $RPM_BUILD_ROOT mixing) [x] Package contains code, or permissable content. [-] Fully versioned dependency in subpackages, if present. [-] Package contains a properly installed %{name}.desktop file if it is a GUI application. [x] Package does not own files or directories owned by other packages. [x] Javadoc documentation files are generated and included in -javadoc subpackage [x] Javadocs are placed in %{_javadocdir}/%{name} (no -%{version} symlinks) [x] Packages have proper BuildRequires/Requires on jpackage-utils [x] Javadoc subpackages have Require: jpackage-utils [x] Package uses %global not %define [x] If package uses tarball from VCS include comment how to re-create that tarball (svn export URL, git clone URL, ...) [-] If source tarball includes bundled jar/class files these need to be removed prior to building [x] All filenames in rpm packages must be valid UTF-8. [x] Jar files are installed to %{_javadir}/%{name}.jar (see [6] for details) [x] If package contains pom.xml files install it (including depmaps) even when building with ant [x] pom files has correct add_to_maven_depmap call which resolves to the pom file (use "JPP." and "JPP-" correctly) === Maven === [x] Use %{_mavenpomdir} macro for placing pom files instead of %{_datadir}/maven2/poms [-] If package uses "-Dmaven.test.skip=true" explain why it was needed in a comment [-] If package uses custom depmap "-Dmaven2.jpp.depmap.file=*" explain why it's needed in a comment [x] Package uses %update_maven_depmap in %post/%postun [x] Packages have Requires(post) and Requires(postun) on jpackage-utils (for %update_maven_depmap macro) === Other suggestions === [x] If possible use upstream build method (maven/ant/javac) [x] Avoid having BuildRequires on exact NVR unless necessary [x] Package has BuildArch: noarch (if possible) [x] Latest version is packaged. [x] Reviewer should test that the package builds in mock. Tested on: fedora-rawhide-x86_64 === Issues === 1. License field doesn't match the license statements contained in the source file headers. [1] https://fedoraproject.org/wiki/Packaging:NamingGuidelines [2] https://fedoraproject.org/wiki/Packaging:Guidelines [3] https://fedoraproject.org/wiki/Packaging:LicensingGuidelines [4] https://fedoraproject.org/wiki/Licensing:Main [5] https://fedoraproject.org/wiki/Packaging/Guidelines#Exceptions_2 [6] https://fedoraproject.org/wiki/Packaging:Java#Filenames
Hi Jaromír, Readme included with the package contains following sentence: "This software and its documentation are distributed under the terms of the FSF Lesser Gnu Public License (see lgpl.txt)." Though, there is no lgpl.txt file included, but POM file includes this: <licenses> <license> <name>GNU LESSER GENERAL PUBLIC LICENSE</name> <url>http://www.gnu.org/licenses/lgpl.txt</url> </license> </licenses> Is this sufficient?
Hi Marek. The problem is, that the mentioned link always points to the latest LGPL version (what could be at the moment understood as LGPLv3+ or not). Unfortunately the LGPLv3 doesn't seem to specify an exact statement and that's why it would be better to have a full license text included in the package to avoid confusions. Please, ask the upstream to include the license file in the source package. The following text is taken directly from the Licensing Guidelines: In cases where the licensing is unclear, it may be necessary to contact the copyright holders to confirm the licensing of code or content. In those situations, it is _always_ preferred to ask upstream to resolve the licensing confusion by documenting the licensing and releasing an updated tarball. However, this is not always possible to achieve. In such cases, it is acceptable to receive confirmation of licensing via email. A copy of the email, containing full headers, must be included as a source file (marked as %doc) in the package. This file is considered part of the license text.
Hi Jaromír, Thanks for the explanation. I've sent a mail to hibernate-commons-annotations maintainer - waiting for response. --Marek
I received message form Emmanuel - he pointed me tho the fix in git: * https://github.com/hibernate/hibernate-commons-annotations/commit/4a902b4f97f923f9044a4127357b44fe5dc39cdc * https://github.com/hibernate/hibernate-commons-annotations/commit/a11c44cd65dadcedaf8981379b94a2c4e31428d1 I've also moved the way the sources are obtained - now from github. I've updated the spec file reflecting the changes: Spec URL: http://goldmann.fedorapeople.org/package_review/hibernate-commons-annotations/3/hibernate-commons-annotations.spec SRPM URL: http://goldmann.fedorapeople.org/package_review/hibernate-commons-annotations/3/hibernate-commons-annotations-3.2.0-3.fc15.src.rpm
================ *** APPROVED *** ================
Thank you Jaromir! New Package SCM Request ======================= Package Name: hibernate-commons-annotations Short Description: Hibernate Annotations Owners: goldmann Branches: f15 InitialCC: java-sig
Git done (by process-git-requests).