This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 808768 - Review Request: annox - Java annotations in XML resources
Review Request: annox - Java annotations in XML resources
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Mikolaj Izdebski
Fedora Extras Quality Assurance
:
Depends On:
Blocks: 808769
  Show dependency treegraph
 
Reported: 2012-03-31 13:21 EDT by gil cattaneo
Modified: 2012-05-26 02:57 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-05-26 02:57:04 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
mizdebsk: fedora‑review+
limburgher: fedora‑cvs+


Attachments (Terms of Use)

  None (edit)
Description gil cattaneo 2012-03-31 13:21:47 EDT
Spec URL: http://gil.fedorapeople.org/annox.spec
SRPM URL: http://gil.fedorapeople.org/annox-0.5.0-1.fc16.src.rpm
Description: Annox is an open source project which allows you to
read arbitrary Java annotations from XML resources.
JAXB users may be interested in Annox annotation
reader for JAXB RI which allows you to define JAXB 
Java/XML mappings in XML resources (instead of
annotations).
Comment 1 gil cattaneo 2012-04-21 13:34:20 EDT
Tested on : http://koji.fedoraproject.org/koji/taskinfo?taskID=4011099
Comment 2 Mikolaj Izdebski 2012-05-10 07:18:30 EDT
I'm taking this review.
Comment 3 Mikolaj Izdebski 2012-05-10 08:11:26 EDT
Package Review
==============

Key:
- = N/A
x = Pass
! = Fail
? = Not evaluated



==== Generic ====
[!]: MUST Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.

The license text
(http://confluence.highsource.org/display/ANX/License) says that
"Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution",
but binary RPMs don't install the license as documentation nor
reproduce it in any other way. It would be a good idea to ask upstream
to include the license text.

Solution: Please install the license along with binary packages.


[x]: MUST Package successfully compiles and builds into binary rpms on at
     least one supported primary architecture.
[x]: MUST %build honors applicable compiler flags or justifies otherwise.
[x]: MUST All build dependencies are listed in BuildRequires, except for any
     that are listed in the exceptions section of Packaging Guidelines.
[x]: MUST Buildroot is not present
     Note: Unless packager wants to package for EPEL5 this is fine
[x]: MUST Package contains no bundled libraries.
[x]: MUST Changelog in prescribed format.
[x]: MUST Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)
     Note: Clean would be needed if support for EPEL is required
[x]: MUST Sources contain only permissible code or content.
[x]: MUST Each %files section contains %defattr if rpm < 4.4
     Note: Note: defattr macros not found. They would be needed for EPEL5
[x]: MUST Macros in Summary, %description expandable at SRPM build time.
[x]: MUST Package requires other packages for directories it uses.
[-]: MUST Package uses nothing in %doc for runtime.
[x]: MUST Package is not known to require ExcludeArch.
[x]: MUST Permissions on files are set properly.
[x]: MUST Package does not contain duplicates in %files.
[x]: MUST Spec file lacks Packager, Vendor, PreReq tags.
[x]: MUST Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.
     Note: rm -rf would be needed if support for EPEL5 is required
[-]: MUST Large documentation files are in a -doc subpackage, if required.
[x]: MUST If (and only if) the source package includes the text of the
     license(s) in its own file, then that file, containing the text of the
     license(s) for the package is included in %doc.
[x]: MUST License field in the package spec file matches the actual license.
[x]: MUST License file installed when any subpackage combination is installed.
[x]: MUST Package consistently uses macros (instead of hard-coded directory
     names).
[x]: MUST Package is named according to the Package Naming Guidelines.
[x]: MUST Package does not generate any conflict.
[x]: MUST Package obeys FHS, except libexecdir and /usr/target.
[x]: MUST Package must own all directories that it creates.
[x]: MUST Package does not own files or directories owned by other packages.
[x]: MUST Package installs properly.
[x]: MUST Requires correct, justified where necessary.
[!]: MUST Rpmlint output is silent.

rpmlint annox-javadoc-0.5.0-1.fc18.noarch.rpm

1 packages and 0 specfiles checked; 0 errors, 0 warnings.


rpmlint annox-0.5.0-1.fc18.noarch.rpm

annox.noarch: W: no-documentation
1 packages and 0 specfiles checked; 0 errors, 1 warnings.


rpmlint annox-0.5.0-1.fc18.src.rpm

annox.src: W: invalid-url Source0: annox-0.5.0-src-svn.tar.gz
1 packages and 0 specfiles checked; 0 errors, 1 warnings.

These warnings can be ignored.


[?]: MUST Sources used to build the package match the upstream source, as
     provided in the spec URL.

I haven't verified that yet.

[x]: MUST Spec file is legible and written in American English.
[x]: MUST Spec file name must match the spec package %{name}, in the format
     %{name}.spec.
[-]: MUST Package contains a SysV-style init script if in need of one.
[x]: MUST File names are valid UTF-8.
[-]: MUST Useful -debuginfo package or justification otherwise.
[x]: SHOULD Reviewer should test that the package builds in mock.
[!]: SHOULD If the source package does not include license text(s) as a
     separate file from upstream, the packager SHOULD query upstream to
     include it.

The package doesn't include license file, please query upstream.

[x]: SHOULD Dist tag is present.
[x]: SHOULD No file requires outside of /etc, /bin, /sbin, /usr/bin,
     /usr/sbin.
[x]: SHOULD Final provides and requires are sane (rpm -q --provides and rpm -q
     --requires).
[x]: SHOULD Package functions as described.
[!]: SHOULD Latest version is packaged.

The newest upstream release is 0.5.1, but the packaged version is 0.5.0.
You can consider packaging the newer version, especially if upstream agrees to
incorporate license text into the repo. However since it's a minor release only
it's fine keep version 0.5.0 packaged.

[x]: SHOULD Package does not include license text files separate from
     upstream.
[x]: SHOULD Patches link to upstream bugs/comments/lists or are otherwise
     justified.
[x]: SHOULD SourceX / PatchY prefixed with %{name}.
     Note: Source0: annox-0.5.0-src-svn.tar.gz (annox-0.5.0-src-svn.tar.gz)
     Patch0: annox-0.5.0-fixbuild.patch (annox-0.5.0-fixbuild.patch)
[x]: SHOULD SourceX is a working URL.
[-]: SHOULD Description and summary sections in the package spec file contains
     translations for supported Non-English languages, if available.
[?]: SHOULD Package should compile and build into binary rpms on all supported
     architectures.
[!]: SHOULD %check is present and all tests pass.

The tests are disabled, as justifiex in .spec file.

[x]: SHOULD Packages should try to preserve timestamps of original installed
     files.
[x]: SHOULD Spec use %global instead of %define.


==== Java ====
[x]: MUST If source tarball includes bundled jar/class files these need to be
     removed prior to building
[x]: MUST Packages have proper BuildRequires/Requires on jpackage-utils
[x]: MUST Fully versioned dependency in subpackages, if present.
[x]: MUST Javadoc documentation files are generated and included in -javadoc
     subpackage
[x]: MUST Javadoc subpackages have Requires: jpackage-utils
[x]: MUST Javadocs are placed in %{_javadocdir}/%{name} (no -%{version}
     symlink)
[x]: SHOULD Package has BuildArch: noarch (if possible)
[x]: SHOULD Package uses upstream build method (ant/maven/etc.)


==== Maven ====
[x]: MUST Pom files have correct add_maven_depmap call
     Note: Some add_maven_depmap calls found. Please check if they are correct
[x]: MUST Old add_to_maven_depmap macro is not being used
[x]: MUST Packages DOES NOT have Requires(post) and Requires(postun) on
     jpackage-utils for %update_maven_depmap macro
[x]: MUST If package contains pom.xml files install it (including depmaps)
     even when building with ant
[x]: MUST If package uses "-Dmaven.test.skip=true" explain why it was needed
     in a comment
     Note: Some comment is used before mvn-rpmbuild command. Please verify it
     explains use of -Dmaven.test.skip
[x]: MUST Package DOES NOT use %update_maven_depmap in %post/%postun
[x]: MUST Packages use %{_mavenpomdir} instead of %{_datadir}/maven2/poms


Summary
=======

1. Ask upstream to include license text
2. Install license file along with both packages

Please correct the above flaws.
Comment 4 Mikolaj Izdebski 2012-05-15 07:00:54 EDT
My question about the licensing situation on Fedora-legal-list:
http://lists.fedoraproject.org/pipermail/legal/2012-May/001907.html
and the answer:
http://lists.fedoraproject.org/pipermail/legal/2012-May/001908.html

I'm waiting for gil to take an appropriate action.

gil: The spec file you sent to me looked fine. Post here the updated SRPM and spec please.
Comment 6 Mikolaj Izdebski 2012-05-15 08:43:54 EDT
Fixed issue:

[x]: MUST Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.

Checked now:

[x]: MUST Sources used to build the package match the upstream source, as
     provided in the spec URL.

Some minor problems not blocking the package:

[!]: SHOULD %check is present and all tests pass.

Tests are skipped, but a justification is given.

[!]: SHOULD Latest version is packaged.

A newer upstream version is available.

[!]: SHOULD If the source package does not include license text(s) as a
     separate file from upstream, the packager SHOULD query upstream to
     include it.

The maintainer hasn't asked upstream to include the license text.


Because the remaining issues are not very important, annox is:

================
*** APPROVED ***
================
Comment 7 gil cattaneo 2012-05-15 08:48:11 EDT
New Package SCM Request
=======================
Package Name: annox
Short Description: Java annotations in XML resources
Owners: gil
Branches: f16 f17
InitialCC: java-sig
Comment 8 Gwyn Ciesla 2012-05-15 09:03:33 EDT
Git done (by process-git-requests).
Comment 9 Fedora Update System 2012-05-15 09:44:58 EDT
annox-0.5.0-2.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/annox-0.5.0-2.fc17
Comment 10 Fedora Update System 2012-05-15 12:41:49 EDT
annox-0.5.0-2.fc17 has been pushed to the Fedora 17 testing repository.
Comment 11 Fedora Update System 2012-05-26 02:57:04 EDT
annox-0.5.0-2.fc17 has been pushed to the Fedora 17 stable repository.

Note You need to log in before you can comment on or make changes to this bug.