Bug 730306 - Review Request: jboss-interceptors-1.1-api - Interceptors 1.1 API
Summary: Review Request: jboss-interceptors-1.1-api - Interceptors 1.1 API
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Vladimir Kostadinov
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On: 730226
Blocks: 730314 802909 803381 804659
TreeView+ depends on / blocked
 
Reported: 2011-08-12 12:39 UTC by Marek Goldmann
Modified: 2012-04-12 02:05 UTC (History)
7 users (show)

Fixed In Version: jboss-interceptors-1.1-api-1.0.2-0.1.20120319git49a904.fc17
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-04-12 02:05:13 UTC
vladimir.kostadinov: fedora-review+
gwync: fedora-cvs+


Attachments (Terms of Use)

Comment 1 Vladimir Kostadinov 2011-11-11 17:49:53 UTC
I'll review it.

Comment 3 Marek Goldmann 2012-03-07 09:15:05 UTC
License cleanup pull request: https://github.com/jboss/jboss-interceptors-api_spec/pull/1

Comment 5 Richard Fontana 2012-03-10 03:30:17 UTC
Lifting FE-Legal.

Comment 6 Marek Goldmann 2012-03-10 22:18:54 UTC
Vladimir, could you please take a look at the updated file or release the review if you don't have time?

Comment 7 Vladimir Kostadinov 2012-03-12 08:34:49 UTC
Package Review
==============

Key:
- = N/A
x = Check
! = Problem
? = Not evaluated

=== REQUIRED ITEMS ===
[!]  Rpmlint output:

jboss-interceptors-1.1-api.noarch: W: invalid-url URL: http://www.jboss.org HTTP Error 403: Forbidden
The value should be a valid, public HTTP, HTTPS, or FTP URL.
OK.

jboss-interceptors-1.1-api.noarch: E: incorrect-fsf-address /usr/share/doc/jboss-interceptors-1.1-api-1.0.1/LICENSE
The Free Software Foundation address in this file seems to be outdated or
misspelled.  Ask upstream to update the address, or if this is a license file,
possibly the entire file with a new copy available from the FSF.

jboss-interceptors-1.1-api-javadoc.noarch: W: spelling-error Summary(en_US) Javadocs -> Java docs, Java-docs, Avocados
The value of this tag appears to be misspelled. Please double-check.
OK.

jboss-interceptors-1.1-api-javadoc.noarch: W: invalid-url URL: http://www.jboss.org HTTP Error 403: Forbidden
The value should be a valid, public HTTP, HTTPS, or FTP URL.
OK.

jboss-interceptors-1.1-api-javadoc.noarch: E: incorrect-fsf-address /usr/share/doc/jboss-interceptors-1.1-api-javadoc-1.0.1/LICENSE
The Free Software Foundation address in this file seems to be outdated or
misspelled.  Ask upstream to update the address, or if this is a license file,
possibly the entire file with a new copy available from the FSF.

[x]  Package is named according to the Package Naming Guidelines[1].
[x]  Spec file name must match the base package name, in the format %{name}.spec.
[x]  Package meets the Packaging Guidelines[2].
[x]  Package successfully compiles and builds into binary rpms.
[x]  Buildroot definition is not present
[x]  Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines[3,4].
[!]  License field in the package spec file matches the actual license.
License type: CDDL or GPLv2 with exceptions
[x]  If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %doc.
[x]  All independent sub-packages have license of their own
[x]  Spec file is legible and written in American English.
[x]  Sources used to build the package matches the upstream source, as provided in the spec URL.
[x]  All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines[5].
[x]  Package must own all directories that it creates or must require other packages for directories it uses.
[x]  Package does not contain duplicates in %files.
[x]  File sections do not contain %defattr(-,root,root,-) unless changed with good reason
[x]  Permissions on files are set properly.
[x]  Package does NOT have a %clean section which contains rm -rf %{buildroot} (or $RPM_BUILD_ROOT). (not needed anymore)
[x]  Package consistently uses macros (no %{buildroot} and $RPM_BUILD_ROOT mixing)
[x]  Package contains code, or permissable content.
[x]  Fully versioned dependency in subpackages, if present.
[-]  Package contains a properly installed %{name}.desktop file if it is a GUI application.
[x]  Package does not own files or directories owned by other packages.
[x]  Javadoc documentation files are generated and included in -javadoc subpackage
[x]  Javadocs are placed in %{_javadocdir}/%{name} (no -%{version} symlinks)
[x]  Packages have proper BuildRequires/Requires on jpackage-utils
[x]  Javadoc subpackages have Require: jpackage-utils
[x]  Package uses %global not %define
[x]  If package uses tarball from VCS include comment how to re-create that tarball (svn export URL, git clone URL, ...)
[-]  If source tarball includes bundled jar/class files these need to be removed prior to building
[x]  All filenames in rpm packages must be valid UTF-8.
[x]  Jar files are installed to %{_javadir}/%{name}.jar (see [6] for details)
[x]  If package contains pom.xml files install it (including depmaps) even when building with ant
[x]  pom files has correct add_maven_depmap

=== Maven ===
[x]  Use %{_mavenpomdir} macro for placing pom files instead of %{_datadir}/maven2/poms
[-]  If package uses "-Dmaven.test.skip=true" explain why it was needed in a comment
[-]  If package uses custom depmap "-Dmaven.local.depmap.file=*" explain why it's needed in a comment
[x]  Package DOES NOT use %update_maven_depmap in %post/%postun
[x]  Packages DOES NOT have Requires(post) and Requires(postun) on jpackage-utils for %update_maven_depmap macro

=== Other suggestions ===
[x]  If possible use upstream build method (maven/ant/javac)
[x]  Avoid having BuildRequires on exact NVR unless necessary
[x]  Package has BuildArch: noarch (if possible)
[x]  Latest version is packaged.
[x]  Reviewer should test that the package builds in mock.
Tested on:


=== Issues ===
1. LICENSE file should be updated so it has correct FSF address.
2. Mismatch of licenses. In LICENSE file it's "GPLv2", in README it's "CDDL or GPLv2 with exceptions" and in /src/main/resources/LICNESE.txt it's "Apache 2.0"
Please fix the mismatching licenses.

================
*** REJECTED ***
================

Comment 8 Marek Goldmann 2012-03-12 10:27:02 UTC
Some notes:

1. Upstream was informed about the FSF address issue.
2. There is no mismatch of licenses here. It was cleared with RH Legal. Rich, could you please confirm that the license should be "CDDL or GPLv2 with exceptions"?

Comment 9 Marek Goldmann 2012-03-12 10:34:27 UTC
Vladimir, please note also that the Legal flag was lifted after I updated the spec file.

Comment 10 Vladimir Kostadinov 2012-03-12 11:26:44 UTC
If this package has been cleared with "CDDL or GPLv2 with exceptions", then please remove "ASL 2.0" license from /src/main/resources/LICENSE.txt and put license information in some of the source file headers.

Having LICENSE.txt with ASL 2.0 can mislead one to assuming that ASL 2.0 is a valid license too.

Comment 11 Richard Fontana 2012-03-12 12:10:14 UTC
I confirm that the best license tag here is "CDDL or GPLv2 with exceptions".

Putting license information in the source file headers is, to my knowledge, not a Fedora packaging or legal requirement. 

The inclusion of the Apache License 2.0 may not be necessary and will be investigated upstream. However, it is not necessarily in conflict with the CDDL/GPLv2 license designation, and therefore should not be a packaging obstacle IMO.

Comment 12 Alexander Kurtakov 2012-03-12 12:21:27 UTC
Hmm, as Vladimir's sponsor I have to say that he is correct despite the legal team opinion. It is not obvious what the license is. And having the ASL 2.0 license shipped with the source should make the License tag at least "CDDL or GPLv2 with exceptions or ASL 2.0" otherwise clear headers should be added to the source files or ASL license file removed from the source tarball  so one can exclude the possibility of having ASL 2.0 content in the package. From merely looking at the source tarball I would say that it is as legal to ship it under ASL 2.0 as it is to ship it underl GPLv2 with exceptions.

Comment 13 Richard Fontana 2012-03-12 12:44:16 UTC
As lawyer for the committers of the upstream project, I confirm that under currently available information anyone is authorized to remove the Apache License text in this case. 

(However, I would note that one can imagine a case where preservation of the Apache License text would be necessary in otherwise very similar circumstances.)

Comment 14 Vladimir Kostadinov 2012-03-15 08:08:57 UTC
Please either remove the /src/main/resources/LICENSE.txt or add ASL 2.0 to the license tag so I can approve the package.

The license tag and the source tarball content MUST be in sync.

Comment 15 Richard Fontana 2012-03-15 12:34:27 UTC
Marek, given those two options, I suggest removal of /src/main/resources/LICENSE.txt upstream.

Comment 16 Marek Goldmann 2012-03-19 13:05:01 UTC
I just sent a pull request. https://github.com/jboss/jboss-interceptors-api_spec/pull/2

Comment 18 Vladimir Kostadinov 2012-03-20 07:12:58 UTC
Great, thanks!

*** APPROVED ***

Comment 19 Marek Goldmann 2012-03-20 08:02:50 UTC
Thanks!

New Package SCM Request
=======================
Package Name:      jboss-interceptors-1.1-api
Short Description: Interceptors 1.1 API
Owners:            goldmann
Branches:          f17

Comment 20 Gwyn Ciesla 2012-03-20 11:53:23 UTC
Git done (by process-git-requests).

Comment 21 Fedora Update System 2012-03-20 12:33:52 UTC
jboss-interceptors-1.1-api-1.0.2-0.1.20120319git49a904.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/jboss-interceptors-1.1-api-1.0.2-0.1.20120319git49a904.fc17

Comment 22 Fedora Update System 2012-03-21 18:21:16 UTC
Package jboss-interceptors-1.1-api-1.0.2-0.1.20120319git49a904.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing jboss-interceptors-1.1-api-1.0.2-0.1.20120319git49a904.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-4377/jboss-interceptors-1.1-api-1.0.2-0.1.20120319git49a904.fc17
then log in and leave karma (feedback).

Comment 23 Fedora Update System 2012-04-12 02:05:13 UTC
jboss-interceptors-1.1-api-1.0.2-0.1.20120319git49a904.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.