This is an informal review, don't have a sponsor yet.

=== generic ===

OK - MUST - Package successfully compiles and builds into binary rpms on at least one supported architecture.
OK - MUST - Permissions on files are set properly.
OK - MUST - Package does not contain duplicates in %files.
OK - MUST - Spec file lacks Packager, Vendor, PreReq tags.
OK - MUST - If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %doc.
OK - MUST - Package is named according to the Package Naming Guidelines.
OK - MUST - Rpmlint output is silent.
CHECK - MUST - Sources used to build the package matches the upstream source, as provided in the spec URL.
	proxool-0.9.1-source.tar.gz :
		MD5SUM this package     : f3e1d02b53c12e15282002fad50b9ef5
		MD5SUM upstream package : f3e1d02b53c12e15282002fad50b9ef5
	proxool.pom :
		MD5SUM this package     : 553a3091f43900e8ac6af9d03c6c83c2
		MD5SUM upstream package : upstream source not found
OK - MUST - Spec file name must match the spec package %{name}, in the format %{name}.spec.
OK - MUST - File names are valid UTF-8.
OK - SHOULD - Reviewer should test that the package builds in mock.
OK - SHOULD - Dist tag is present.
OK - SHOULD - SourceX is a working URL.

=== java related ===

OK - MUST - Packages have proper BuildRequires/Requires on jpackage-utils
OK - MUST - Fully versioned dependency in subpackages, if present.
OK - MUST - Javadoc documentation files are generated and included in -javadoc subpackage
CHECK - MUST - Javadoc subpackages have Requires: jpackage-utils
OK - MUST - Javadocs are placed in %{_javadocdir}/%{name} (no -%{version} symlink)
OK - MUST - Old add_to_maven_depmap macro is not being used
OK - MUST - Packages DOES NOT have Requires(post) and Requires(postun) on jpackage-utils for %update_maven_depmap macro
OK - MUST - Package DOES NOT use %update_maven_depmap in %post/%postun
OK - MUST - Packages use %{_mavenpomdir} instead of %{_datadir}/maven2/poms

Hello guys.

I'll do the review.

Ben, maybe You'd like to check the following link pointing to the latest Java_review_template:
http://fedoraproject.org/wiki/Java_review_template

It's created with respect to the latest guidelines and it's usually updated with each guidelines change.

Have You already found a sponsor?

Regards,
Jaromir.

Package Review
==============

Key:
- = N/A
x = Check
! = Problem
? = Not evaluated

=== REQUIRED ITEMS ===
[x]  Rpmlint output:

$ rpmlint proxool-0.9.1-3.fc17.noarch.rpm
1 packages and 0 specfiles checked; 0 errors, 0 warnings.

$ rpmlint proxool-javadoc-0.9.1-3.fc17.noarch.rpm
1 packages and 0 specfiles checked; 0 errors, 0 warnings.

$ rpmlint proxool-0.9.1-3.fc17.src.rpm
1 packages and 0 specfiles checked; 0 errors, 0 warnings.

[x]  Package is named according to the Package Naming Guidelines[1].
[x]  Spec file name must match the base package name, in the format %{name}.spec.
[x]  Package meets the Packaging Guidelines[2].
[x]  Package successfully compiles and builds into binary rpms.
[x]  Buildroot definition is not present
[x]  Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines[3,4].
[!]  License field in the package spec file matches the actual license.

License type: BSD

Issue:
Some source files contain the following line in the header:

   This software is released under a licence similar to the Apache Software Licence.

Please, clarify that with upstream.

[x]  If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %doc.
[x]  All independent sub-packages have license of their own
[x]  Spec file is legible and written in American English.
[x]  Sources used to build the package matches the upstream source, as provided in the spec URL.

MD5SUM this package     : f3e1d02b53c12e15282002fad50b9ef5
MD5SUM upstream package : f3e1d02b53c12e15282002fad50b9ef5

[x]  All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines[5].
[x]  Package must own all directories that it creates or must require other packages for directories it uses.
[x]  Package does not contain duplicates in %files.
[x]  File sections do not contain %defattr(-,root,root,-) unless changed with good reason
[x]  Permissions on files are set properly.
[x]  Package does NOT have a %clean section which contains rm -rf %{buildroot} (or $RPM_BUILD_ROOT). (not needed anymore)
[x]  Package consistently uses macros (no %{buildroot} and $RPM_BUILD_ROOT mixing)
[x]  Package contains code, or permissable content.
[-]  Fully versioned dependency in subpackages, if present.
[-]  Package contains a properly installed %{name}.desktop file if it is a GUI application.
[x]  Package does not own files or directories owned by other packages.
[x]  Javadoc documentation files are generated and included in -javadoc subpackage
[x]  Javadocs are placed in %{_javadocdir}/%{name} (no -%{version} symlinks)
[x]  Packages have proper BuildRequires/Requires on jpackage-utils
[!]  Javadoc subpackages have Require: jpackage-utils
[-]  Package uses %global not %define
[-]  If package uses tarball from VCS include comment how to re-create that tarball (svn export URL, git clone URL, ...)
[x]  If source tarball includes bundled jar/class files these need to be removed prior to building
[x]  All filenames in rpm packages must be valid UTF-8.
[x]  Jar files are installed to %{_javadir}/%{name}.jar (see [6] for details)
[x]  If package contains pom.xml files install it (including depmaps) even when building with ant
[x]  pom files have correct add_maven_depmap

=== Maven ===
[x]  Use %{_mavenpomdir} macro for placing pom files instead of %{_datadir}/maven2/poms
[-]  If package uses "-Dmaven.test.skip=true" explain why it was needed in a comment
[-]  If package uses custom depmap "-Dmaven.local.depmap.file=*" explain why it's needed in a comment
[x]  Package DOES NOT use %update_maven_depmap in %post/%postun
[x]  Packages DOES NOT have Requires(post) and Requires(postun) on jpackage-utils for %update_maven_depmap macro

=== Other suggestions ===
[x]  If possible use upstream build method (maven/ant/javac)
[x]  Avoid having BuildRequires on exact NVR unless necessary
[x]  Package has BuildArch: noarch (if possible)
[x]  Latest version is packaged.
[x]  Reviewer should test that the package builds in mock.

Tested on : fedora-rawhide-x86_64


=== Issues ===
1.  Some source files contain confusing/conflicting license information in the header.
2.  Javadoc subpackages is missing Require: jpackage-utils

=== Final Notes ===
1.  Please, submit a bug in the proxool upstream tracker against missing Maven support.
2.  The following description is usually used for javadoc:

  This package contains the API documentation for %{name}.



[1] https://fedoraproject.org/wiki/Packaging:NamingGuidelines
[2] https://fedoraproject.org/wiki/Packaging:Guidelines
[3] https://fedoraproject.org/wiki/Packaging:LicensingGuidelines
[4] https://fedoraproject.org/wiki/Licensing:Main
[5] https://fedoraproject.org/wiki/Packaging/Guidelines#Exceptions_2 
[6] https://fedoraproject.org/wiki/Packaging:Java#Filenames

Oh, you are correct on the license.  At first glance, it does resemble 4-clause BSD ... but it has 6 clauses, of course, and is essentially a clone of Apache Software License 1.0 with "Proxool" substituted for "Apache".

I have sent an email to the maintainer.  As it stands, the proper license for the package should literally be "Proxool License", but I'm going to hope that he comes back with the other authors and a decision to adopt a less restrictive license (like ASL 2.0 or revised BSD).

Does a license like this require approval from legal, or is it sufficient to diff it against ASL 1.0 and say "these are the same"?  If it does not require separate approval, I'll just change the LICENSE line and finish up the review, and if/when the maintainer updates the license upstream, I can update the package.  If it has to go through a process to be added to the license list, though, I'm not sure it's worth the trouble.

The maintainer has updated the license to ASL 2.0, and I've fixed the other issues noted.  I will add the POM file to my own proxool branch in github and will send him a merge request.

New URLs:

SPEC:
http://downloads.eucalyptus.com/devel/packages/fedora-16/SPECS/proxool.spec

SRPM:
http://downloads.eucalyptus.com/devel/packages/fedora-16/SRPMS/proxool-0.9.1-4.fc16.src.rpm

Thanks for reviewing.

[!]  Rpmlint output:

$ rpmlint proxool-0.9.1-4.fc17.noarch.rpm
proxool.noarch: W: spurious-executable-perm /usr/share/doc/proxool-0.9.1/BUILD.txt
proxool.noarch: W: spurious-executable-perm /usr/share/doc/proxool-0.9.1/CHANGES.txt
proxool.noarch: W: spurious-executable-perm /usr/share/doc/proxool-0.9.1/README.txt
proxool.noarch: W: spurious-executable-perm /usr/share/doc/proxool-0.9.1/LICENCE.txt
1 packages and 0 specfiles checked; 0 errors, 4 warnings.                         

$ rpmlint proxool-javadoc-0.9.1-4.fc17.noarch.rpm 
proxool-javadoc.noarch: W: spurious-executable-perm /usr/share/doc/proxool-javadoc-0.9.1/LICENCE.txt
1 packages and 0 specfiles checked; 0 errors, 1 warnings.

$ rpmlint proxool-0.9.1-4.fc17.src.rpm 
proxool.src: W: invalid-url Source0: proxool-proxool-659fc71.tar.gz
1 packages and 0 specfiles checked; 0 errors, 1 warnings.

-----

1. Please, fix the permissions
2. Please, remove spaces at the end of line 4 and 12 (spec file).

Fixed, rpmlint output is good now:

New URLs:

SPEC:
http://downloads.eucalyptus.com/devel/packages/fedora-16/SPECS/proxool.spec

SRPM:
http://downloads.eucalyptus.com/devel/packages/fedora-16/SRPMS/proxool-0.9.1-5.fc16.src.rpm

APPROVED ...

New Package SCM Request
=======================
Package Name:      proxool
Short Description: Java connection pool library
Owners:            arg

Git done (by process-git-requests).