Spec URL: http://goldmann.fedorapeople.org/package_review/jboss-interceptors-api_1.1/1/jboss-interceptors-api_1.1.spec SRPM URL: http://goldmann.fedorapeople.org/package_review/jboss-interceptors-api_1.1/1/jboss-interceptors-api_1.1-1.0.0-1.fc17.src.rpm Description: This package contains The JavaEE Interceptors 1.1 API classes from JSR 318.
I'll review it.
Package renamed to jboss-interceptors-1.1-api: Spec URL: http://goldmann.fedorapeople.org/package_review/jboss-interceptors-api_1.1/2/jboss-interceptors-1.1-api.spec SRPM URL: http://goldmann.fedorapeople.org/package_review/jboss-interceptors-api_1.1/2/jboss-interceptors-1.1-api-1.0.0-1.fc17.src.rpm
License cleanup pull request: https://github.com/jboss/jboss-interceptors-api_spec/pull/1
Spec URL: http://goldmann.fedorapeople.org/package_review/jboss-interceptors-api_1.1/3/jboss-interceptors-1.1-api.spec SRPM URL: http://goldmann.fedorapeople.org/package_review/jboss-interceptors-api_1.1/3/jboss-interceptors-1.1-api-1.0.1-0.1.20120309git31d37b.fc17.src.rpm Updated licensing. Rich could you please lift he Legal flag now?
Lifting FE-Legal.
Vladimir, could you please take a look at the updated file or release the review if you don't have time?
Package Review ============== Key: - = N/A x = Check ! = Problem ? = Not evaluated === REQUIRED ITEMS === [!] Rpmlint output: jboss-interceptors-1.1-api.noarch: W: invalid-url URL: http://www.jboss.org HTTP Error 403: Forbidden The value should be a valid, public HTTP, HTTPS, or FTP URL. OK. jboss-interceptors-1.1-api.noarch: E: incorrect-fsf-address /usr/share/doc/jboss-interceptors-1.1-api-1.0.1/LICENSE The Free Software Foundation address in this file seems to be outdated or misspelled. Ask upstream to update the address, or if this is a license file, possibly the entire file with a new copy available from the FSF. jboss-interceptors-1.1-api-javadoc.noarch: W: spelling-error Summary(en_US) Javadocs -> Java docs, Java-docs, Avocados The value of this tag appears to be misspelled. Please double-check. OK. jboss-interceptors-1.1-api-javadoc.noarch: W: invalid-url URL: http://www.jboss.org HTTP Error 403: Forbidden The value should be a valid, public HTTP, HTTPS, or FTP URL. OK. jboss-interceptors-1.1-api-javadoc.noarch: E: incorrect-fsf-address /usr/share/doc/jboss-interceptors-1.1-api-javadoc-1.0.1/LICENSE The Free Software Foundation address in this file seems to be outdated or misspelled. Ask upstream to update the address, or if this is a license file, possibly the entire file with a new copy available from the FSF. [x] Package is named according to the Package Naming Guidelines[1]. [x] Spec file name must match the base package name, in the format %{name}.spec. [x] Package meets the Packaging Guidelines[2]. [x] Package successfully compiles and builds into binary rpms. [x] Buildroot definition is not present [x] Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines[3,4]. [!] License field in the package spec file matches the actual license. License type: CDDL or GPLv2 with exceptions [x] If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %doc. [x] All independent sub-packages have license of their own [x] Spec file is legible and written in American English. [x] Sources used to build the package matches the upstream source, as provided in the spec URL. [x] All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines[5]. [x] Package must own all directories that it creates or must require other packages for directories it uses. [x] Package does not contain duplicates in %files. [x] File sections do not contain %defattr(-,root,root,-) unless changed with good reason [x] Permissions on files are set properly. [x] Package does NOT have a %clean section which contains rm -rf %{buildroot} (or $RPM_BUILD_ROOT). (not needed anymore) [x] Package consistently uses macros (no %{buildroot} and $RPM_BUILD_ROOT mixing) [x] Package contains code, or permissable content. [x] Fully versioned dependency in subpackages, if present. [-] Package contains a properly installed %{name}.desktop file if it is a GUI application. [x] Package does not own files or directories owned by other packages. [x] Javadoc documentation files are generated and included in -javadoc subpackage [x] Javadocs are placed in %{_javadocdir}/%{name} (no -%{version} symlinks) [x] Packages have proper BuildRequires/Requires on jpackage-utils [x] Javadoc subpackages have Require: jpackage-utils [x] Package uses %global not %define [x] If package uses tarball from VCS include comment how to re-create that tarball (svn export URL, git clone URL, ...) [-] If source tarball includes bundled jar/class files these need to be removed prior to building [x] All filenames in rpm packages must be valid UTF-8. [x] Jar files are installed to %{_javadir}/%{name}.jar (see [6] for details) [x] If package contains pom.xml files install it (including depmaps) even when building with ant [x] pom files has correct add_maven_depmap === Maven === [x] Use %{_mavenpomdir} macro for placing pom files instead of %{_datadir}/maven2/poms [-] If package uses "-Dmaven.test.skip=true" explain why it was needed in a comment [-] If package uses custom depmap "-Dmaven.local.depmap.file=*" explain why it's needed in a comment [x] Package DOES NOT use %update_maven_depmap in %post/%postun [x] Packages DOES NOT have Requires(post) and Requires(postun) on jpackage-utils for %update_maven_depmap macro === Other suggestions === [x] If possible use upstream build method (maven/ant/javac) [x] Avoid having BuildRequires on exact NVR unless necessary [x] Package has BuildArch: noarch (if possible) [x] Latest version is packaged. [x] Reviewer should test that the package builds in mock. Tested on: === Issues === 1. LICENSE file should be updated so it has correct FSF address. 2. Mismatch of licenses. In LICENSE file it's "GPLv2", in README it's "CDDL or GPLv2 with exceptions" and in /src/main/resources/LICNESE.txt it's "Apache 2.0" Please fix the mismatching licenses. ================ *** REJECTED *** ================
Some notes: 1. Upstream was informed about the FSF address issue. 2. There is no mismatch of licenses here. It was cleared with RH Legal. Rich, could you please confirm that the license should be "CDDL or GPLv2 with exceptions"?
Vladimir, please note also that the Legal flag was lifted after I updated the spec file.
If this package has been cleared with "CDDL or GPLv2 with exceptions", then please remove "ASL 2.0" license from /src/main/resources/LICENSE.txt and put license information in some of the source file headers. Having LICENSE.txt with ASL 2.0 can mislead one to assuming that ASL 2.0 is a valid license too.
I confirm that the best license tag here is "CDDL or GPLv2 with exceptions". Putting license information in the source file headers is, to my knowledge, not a Fedora packaging or legal requirement. The inclusion of the Apache License 2.0 may not be necessary and will be investigated upstream. However, it is not necessarily in conflict with the CDDL/GPLv2 license designation, and therefore should not be a packaging obstacle IMO.
Hmm, as Vladimir's sponsor I have to say that he is correct despite the legal team opinion. It is not obvious what the license is. And having the ASL 2.0 license shipped with the source should make the License tag at least "CDDL or GPLv2 with exceptions or ASL 2.0" otherwise clear headers should be added to the source files or ASL license file removed from the source tarball so one can exclude the possibility of having ASL 2.0 content in the package. From merely looking at the source tarball I would say that it is as legal to ship it under ASL 2.0 as it is to ship it underl GPLv2 with exceptions.
As lawyer for the committers of the upstream project, I confirm that under currently available information anyone is authorized to remove the Apache License text in this case. (However, I would note that one can imagine a case where preservation of the Apache License text would be necessary in otherwise very similar circumstances.)
Please either remove the /src/main/resources/LICENSE.txt or add ASL 2.0 to the license tag so I can approve the package. The license tag and the source tarball content MUST be in sync.
Marek, given those two options, I suggest removal of /src/main/resources/LICENSE.txt upstream.
I just sent a pull request. https://github.com/jboss/jboss-interceptors-api_spec/pull/2
Fixed! Spec URL: http://goldmann.fedorapeople.org/package_review/jboss-interceptors-api_1.1/4/jboss-interceptors-1.1-api.spec SRPM URL: http://goldmann.fedorapeople.org/package_review/jboss-interceptors-api_1.1/4/jboss-interceptors-1.1-api-1.0.2-0.1.20120319git49a904.fc17.src.rpm
Great, thanks! *** APPROVED ***
Thanks! New Package SCM Request ======================= Package Name: jboss-interceptors-1.1-api Short Description: Interceptors 1.1 API Owners: goldmann Branches: f17
Git done (by process-git-requests).
jboss-interceptors-1.1-api-1.0.2-0.1.20120319git49a904.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/jboss-interceptors-1.1-api-1.0.2-0.1.20120319git49a904.fc17
Package jboss-interceptors-1.1-api-1.0.2-0.1.20120319git49a904.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing jboss-interceptors-1.1-api-1.0.2-0.1.20120319git49a904.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-4377/jboss-interceptors-1.1-api-1.0.2-0.1.20120319git49a904.fc17 then log in and leave karma (feedback).
jboss-interceptors-1.1-api-1.0.2-0.1.20120319git49a904.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.