Bug 730232 - Review Request: jboss-servlet-3.0-api - Java Servlet 3.0 API
Summary: Review Request: jboss-servlet-3.0-api - Java Servlet 3.0 API
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Andy Grimm
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On: 730226
Blocks: 730233 801651
TreeView+ depends on / blocked
 
Reported: 2011-08-12 08:57 UTC by Marek Goldmann
Modified: 2016-11-08 03:45 UTC (History)
8 users (show)

Fixed In Version: jboss-servlet-3.0-api-1.0.1-1.fc17
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-04-12 01:53:44 UTC
agrimm: fedora-review+
gwync: fedora-cvs+


Attachments (Terms of Use)

Comment 1 Alexander Kurtakov 2011-09-27 07:32:28 UTC
Why does jboss needs to copy every api in its own repo?
According to the license headers this is not  LGPLv2+ but every file is mix of GPLv2(only) and ASL 2.0 which are known to be incompatible. I would wait for legal but according to me this cannot go into Fedora.

Comment 2 Marek Goldmann 2011-10-02 07:49:23 UTC
Rich,

Could you please clarify licensing for this package? Thanks!

Comment 3 Marek Goldmann 2011-11-04 12:17:45 UTC
Ping?

Comment 4 Ivan Afonichev 2011-11-08 16:57:44 UTC
Is there something that is absent on tomcat-servlet-3.0-api https://admin.fedoraproject.org/pkgdb/acls/name/tomcat ?

Comment 5 Richard Fontana 2012-03-09 05:47:23 UTC
(In reply to comment #1)
> According to the license headers this is not  LGPLv2+ but every file is mix of
> GPLv2(only) and ASL 2.0 which are known to be incompatible. I would wait for
> legal but according to me this cannot go into Fedora.

While this is certainly odd, I see various ways of conceptually resolving any supposed license incompatibility. The easiest may be to assume that all code is CDDL. It is significant that the nominal copyright holder clearly saw no problem with incorporating Apache License 2.0 code into files licensed under CDDL/GPLv2. 

Lifting FE-Legal. Marek, the only real issue here is that the License tag should be changed from "LGPLv2+" to "CDDL".

Comment 7 Andy Grimm 2012-03-12 16:20:09 UTC
Fixes look good.

================
*** APPROVED ***
================

Comment 8 Andy Grimm 2012-03-12 16:20:42 UTC
OOPS!  Wrong review!

Comment 9 Andy Grimm 2012-03-12 17:34:05 UTC
Package Review
==============

Key:
- = N/A
x = Check
! = Problem
? = Not evaluated

=== REQUIRED ITEMS ===
[x]  Rpmlint output:
jboss-servlet-3.0-api.src: W: invalid-url URL: http://www.jboss.org HTTP Error 403: Forbidden
jboss-servlet-3.0-api.src: W: invalid-url Source0: jboss-servlet-3.0-api-1.0.1.20120312gitd4b6f2.tar.xz
jboss-servlet-3.0-api.noarch: W: invalid-url URL: http://www.jboss.org HTTP Error 403: Forbidden
jboss-servlet-3.0-api.noarch: E: incorrect-fsf-address /usr/share/doc/jboss-servlet-3.0-api-1.0.1/LICENSE
jboss-servlet-3.0-api-javadoc.noarch: W: spelling-error Summary(en_US) Javadocs -> Java docs, Java-docs, Avocados
jboss-servlet-3.0-api-javadoc.noarch: W: invalid-url URL: http://www.jboss.org HTTP Error 403: Forbidden
jboss-servlet-3.0-api-javadoc.noarch: E: incorrect-fsf-address /usr/share/doc/jboss-servlet-3.0-api-javadoc-1.0.1/LICENSE
3 packages and 0 specfiles checked; 2 errors, 5 warnings.

The FSF address should be fixed by upstream.  All other warnings are normal.

[x]  Package is named according to the Package Naming Guidelines[1].
[x]  Spec file name must match the base package name, in the format %{name}.spec.
[x]  Package meets the Packaging Guidelines[2].
[x]  Package successfully compiles and builds into binary rpms.
[x]  Buildroot definition is not present
[x]  Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines[3,4].
[x]  License field in the package spec file matches the actual license.
License type: CDDL
[x]  If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %doc.
[x]  All independent sub-packages have license of their own
[x]  Spec file is legible and written in American English.
[x]  Sources used to build the package matches the upstream source, as provided in the spec URL.
Git source (unpacked tarball matches)
[x]  All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines[5].
[x]  Package must own all directories that it creates or must require other packages for directories it uses.
[x]  Package does not contain duplicates in %files.
[x]  File sections do not contain %defattr(-,root,root,-) unless changed with good reason
[x]  Permissions on files are set properly.
[x]  Package does NOT have a %clean section which contains rm -rf %{buildroot} (or $RPM_BUILD_ROOT). (not needed anymore)
[x]  Package consistently uses macros (no %{buildroot} and $RPM_BUILD_ROOT mixing)
[x]  Package contains code, or permissable content.
[-]  Fully versioned dependency in subpackages, if present.
[-]  Package contains a properly installed %{name}.desktop file if it is a GUI application.
[x]  Package does not own files or directories owned by other packages.
[x]  Javadoc documentation files are generated and included in -javadoc subpackage
[x]  Javadocs are placed in %{_javadocdir}/%{name} (no -%{version} symlinks)
[x]  Packages have proper BuildRequires/Requires on jpackage-utils
[x]  Javadoc subpackages have Require: jpackage-utils
[x]  Package uses %global not %define
[x]  If package uses tarball from VCS include comment how to re-create that tarball (svn export URL, git clone URL, ...)
[-]  If source tarball includes bundled jar/class files these need to be removed prior to building
[x]  All filenames in rpm packages must be valid UTF-8.
[x]  Jar files are installed to %{_javadir}/%{name}.jar (see [6] for details)
[x]  If package contains pom.xml files install it (including depmaps) even when building with ant
[x]  pom files has correct add_maven_depmap

=== Maven ===
[x]  Use %{_mavenpomdir} macro for placing pom files instead of %{_datadir}/maven2/poms
[-]  If package uses "-Dmaven.test.skip=true" explain why it was needed in a comment
[-]  If package uses custom depmap "-Dmaven.local.depmap.file=*" explain why it's needed in a comment
[x]  Package DOES NOT use %update_maven_depmap in %post/%postun
[x]  Packages DOES NOT have Requires(post) and Requires(postun) on jpackage-utils for %update_maven_depmap macro

=== Other suggestions ===
[x]  If possible use upstream build method (maven/ant/javac)
[x]  Avoid having BuildRequires on exact NVR unless necessary
[x]  Package has BuildArch: noarch (if possible)
[x]  Latest version is packaged.
[x]  Reviewer should test that the package builds in mock.
Tested on: http://koji.fedoraproject.org/koji/taskinfo?taskID=3885681

=== Issues ===
1. As with other jboss packages, please inform upstream of the incorrect FSF address.

=== Final Notes ===
1. While I trust Richard on what the license of this package should be, I find it bizarre that we are packaging a file called "LICENSE" which is not the most applicable license, and then packaging a README which contains more detailed info about the actual license.  I've seen this in several places.  I don't think there's anything you can do about it except complain to all the upstreams who do this.  It's quite conceivable, though, that people looking for license info will never think to read the README.

================
*** APPROVED ***
================

Comment 10 Marek Goldmann 2012-03-13 07:10:57 UTC
Thanks for review!

New Package SCM Request
=======================
Package Name:      jboss-servlet-3.0-api
Short Description: Java Servlet 3.0 API
Owners:            goldmann
Branches:          f17

Comment 11 Gwyn Ciesla 2012-03-13 13:01:21 UTC
Git done (by process-git-requests).

Comment 12 Fedora Update System 2012-03-13 13:39:59 UTC
jboss-servlet-3.0-api-1.0.1-0.1.20120312gitd4b6f2.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/jboss-servlet-3.0-api-1.0.1-0.1.20120312gitd4b6f2.fc17

Comment 13 Fedora Update System 2012-03-16 19:04:46 UTC
jboss-servlet-3.0-api-1.0.1-0.1.20120312gitd4b6f2.fc17 has been pushed to the Fedora 17 testing repository.

Comment 14 Fedora Update System 2012-03-19 10:13:26 UTC
jboss-servlet-3.0-api-1.0.1-1.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/jboss-servlet-3.0-api-1.0.1-1.fc17

Comment 15 Fedora Update System 2012-04-12 01:53:44 UTC
jboss-servlet-3.0-api-1.0.1-1.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.