Bug 732419 - Review Request: esteid-browser-plugin - Estonian ID card digital signing browser plugin
Summary: Review Request: esteid-browser-plugin - Estonian ID card digital signing brow...
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Rex Dieter
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-08-22 12:09 UTC by Kalev Lember
Modified: 2011-08-23 18:17 UTC (History)
3 users (show)

Fixed In Version: esteid-browser-plugin-1.3.0-2.fc14
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-08-23 18:17:41 UTC
rdieter: fedora-review+
gwync: fedora-cvs+


Attachments (Terms of Use)

Description Kalev Lember 2011-08-22 12:09:13 UTC
Spec URL: http://kalev.fedorapeople.org/esteid-browser-plugin.spec
SRPM URL: http://kalev.fedorapeople.org/esteid-browser-plugin-1.3.0-1.fc15.src.rpm
Description:
esteid-browser-plugin is cross-browser plugin exposing Estonian eID card's
digital signing functions in JavaScript. Digital signing is a common operation
on Estonian electronic bank sites. To protect privacy, the plugin only allows
access for web sites in an editable whitelist.

Comment 1 Rex Dieter 2011-08-22 13:48:30 UTC
I'll take a look.

Comment 2 Rex Dieter 2011-08-22 16:17:40 UTC
scratch build:
http://koji.fedoraproject.org/koji/taskinfo?taskID=3291943

$ rpmlint *.rpm
esteid-browser-plugin.src: W: spelling-error %description -l en_US eID -> ID, CID, e ID
esteid-browser-plugin.src: W: spelling-error %description -l en_US whitelist -> white list, white-list, Whiteley
esteid-browser-plugin.src: W: invalid-url Source1: http://esteid.googlecode.com/files/esteid-browser-plugin-1.3.0.tar.bz2 HTTP Error 404: Not Found
esteid-browser-plugin.src: W: invalid-url Source0: http://firebreath.googlecode.com/files/firebreath-1.5.2.tar.bz2 HTTP Error 404: Not Found
1 packages and 0 specfiles checked; 0 errors, 4 warnings.

mostly harmless

sources: ok
$ md5sum *.bz2
174ba07a9adf4a8419db8aa47bf33ecb  esteid-browser-plugin-1.3.0.tar.bz2
14e5854f90655f87eddf6d0d5f735f46  firebreath-1.5.2.tar.bz2

license: MUST: please review
from my quick looking over, most of the code seems to be dual-licensed: BSD or LGPLv2
log4cplus is apache (not sure if that's actually used in the build.. yet)

naming: ok
though I have some reservations about the combining of 2 tarball/projects into one package here, but perhaps that's the upstream design here (i'm not familiar with it enough to judge).  if so, please do add a comment in the .spec to make that clear.

macros: ok

scriptlets: n/a

Comment 3 Kalev Lember 2011-08-22 17:01:29 UTC
Thanks for the review, Rex!

(In reply to comment #2)
> license: MUST: please review
> from my quick looking over, most of the code seems to be dual-licensed: BSD or
> LGPLv2

Added a comment in the spec file explaining the dual-licensing.


> log4cplus is apache (not sure if that's actually used in the build.. yet)

I'm just going to remove the bundled libraries, including log4cplus, in %prep.
That way we can be sure that they aren't getting used and it is easier to analyze licensing.


> naming: ok
> though I have some reservations about the combining of 2 tarball/projects
> into one package here, but perhaps that's the upstream design here (i'm
> not familiar with it enough to judge).  if so, please do add a comment in
> the .spec to make that clear.

Done.


* Mon Aug 22 2011 Kalev Lember <kalevlember@gmail.com> - 1.3.0-2
- Added a comment explaining the multiple licensing breakdown and the reason
  for split tarballs (#732419)
- Remove bundled libraries in prep

Spec URL: http://kalev.fedorapeople.org/esteid-browser-plugin.spec
SRPM URL:
http://kalev.fedorapeople.org/esteid-browser-plugin-1.3.0-2.fc15.src.rpm

Comment 4 Rex Dieter 2011-08-23 17:30:58 UTC
Thanks, looks good to me now.  APPROVED.

Comment 5 Kalev Lember 2011-08-23 17:47:12 UTC
New Package SCM Request
=======================
Package Name: esteid-browser-plugin
Short Description: Estonian ID card digital signing browser plugin
Owners: kalev
Branches: f14 f15 f16
InitialCC: sander85

Comment 6 Gwyn Ciesla 2011-08-23 17:58:24 UTC
Git done (by process-git-requests).

Comment 7 Kalev Lember 2011-08-23 18:17:41 UTC
Package imported and built; closing the ticket.


Note You need to log in before you can comment on or make changes to this bug.