Bug 885013 - Review Request: python-backports-ssl_match_hostname - The ssl.match_hostname() function from Python 3.2
Summary: Review Request: python-backports-ssl_match_hostname - The ssl.match_hostname(...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Toshio Ernie Kuratomi
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 956413
TreeView+ depends on / blocked
 
Reported: 2012-12-07 09:57 UTC by Ian Weller
Modified: 2013-04-25 15:37 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-02-24 08:51:45 UTC
Type: ---
a.badger: fedora-review+
gwync: fedora-cvs+


Attachments (Terms of Use)

Description Ian Weller 2012-12-07 09:57:02 UTC
Spec URL: http://ianweller.fedorapeople.org/SRPMS/python-backports-ssl_match_hostname/3.2-0.1.a3/python-backports-ssl_match_hostname.spec
SRPM URL: http://ianweller.fedorapeople.org/SRPMS/python-backports-ssl_match_hostname/3.2-0.1.a3/python-backports-ssl_match_hostname-3.2-0.1.a3.fc17.src.rpm

Description:
The Secure Sockets layer is only actually secure if you check the hostname in
the certificate returned by the server to which you are connecting, and verify
that it matches to hostname that you are trying to reach.

But the matching logic, defined in RFC2818, can be a bit tricky to implement on
your own. So the ssl package in the Standard Library of Python 3.2 now includes
a match_hostname() function for performing this check instead of requiring
every application to implement the check separately.

This backport brings match_hostname() to users of earlier versions of Python.
The actual code inside comes verbatim from Python 3.2.

Fedora Account System Username: ianweller

Blocking FE-Legal off the bat here (weird licensing shit), will post a link to the legal list posting when that's sent.

Comment 2 Tom "spot" Callaway 2012-12-07 14:29:41 UTC
Seems like if it is copied verbatim from Python 3.2, it is under the Python license, not MIT. You should contact the upstream and try to get them to clarify why they think it is MIT.

Mark it as Python and go ahead for now. If it ends up having some valid rationale for being MIT, you can change it without any Freedom concerns.

Lifting FE-Legal

Comment 3 Mario Blättermann 2012-12-12 20:53:51 UTC
Scratch build fails for Rawhide:
http://koji.fedoraproject.org/koji/taskinfo?taskID=4784243

+ python setup.py build
Traceback (most recent call last):
  File "setup.py", line 4, in <module>
    from setuptools import setup, find_packages
ImportError: No module named setuptools

The package python-setuptools is missing from BuildRequires.

rm -rf %{buildroot}
is an artifact from Fedora 10 and older. Please remove it. Don't know why it is still in the spec template anyway.

BuildRequires:  python-devel
is invalid. Use python2-devel:
http://fedoraproject.org/wiki/Packaging:Python#BuildRequires

Comment 4 Mario Blättermann 2013-01-17 19:18:00 UTC
Ping...?

Comment 5 Toshio Ernie Kuratomi 2013-02-05 17:37:46 UTC
There is one bugfix on the bitbucket repo (backport a bugfix from python-3.2.2):

https://bitbucket.org/brandon/backports.ssl_match_hostname/commits/450c9250e369696205922932f105822639ddfd83

brandon removed the "+" from the version in the commit after that.

Comment 7 Toshio Ernie Kuratomi 2013-02-07 15:55:53 UTC
Mario, I'm willing to review this since it's needed to unbundle a library from python-urllib3 https://bugzilla.redhat.com/show_bug.cgi?id=907688 .  But if you'd like to do it let me know.  I'll start on it this afternoon (about six hours from now).

Comment 8 Toshio Ernie Kuratomi 2013-02-12 20:50:50 UTC
ef78d0532f11c4403288a6a4a7e80da2f8924e6b0d662349bb86c09c6fea8b31  backports.ssl_match_hostname-3.2a3.tar.gz

Good:
* package name meets guidelines
* spec file name matches package name
* license has been approved.  Comment to explain the situation
* Spec file is legible
* Source matches upstream
* No locale files
* Not an elf library
* No bundled system libraries
* Not designed to be relocatable
* Package owns all directories it creates
* Files listed only once
* Permissions set properly
* Code, not content
* No large docs
* Nothing in %doc will affect runtime
* Not a GUI application
* Does not own files or directories owned by another package at this time. See Notes section below.
* All filenames are valid UTF-8
* No scriptlets needed
* Builds in koji

rpmlint
* python-backports-ssl_match_hostname.noarch: W: spelling-error Summary(en_US) ssl -> isl, sol, ssh
* python-backports-ssl_match_hostname.noarch: W: spelling-error Summary(en_US) hostname -> host name, host-name, hostage
* python-backports-ssl_match_hostname.noarch: W: spelling-error %description -l en_US backport -> back port, back-port, backpacker
  - All spelling wawrnings are acceptable jargon.  False positives in this case.


Notes:
* Ping upstream with the licensing concerns and request that he adds a License files
* note, the backports module seems to be setup as a namespace module.  In the
  future, there may be other packages that attempt to install here.  RPM should
  be able to gracefully handle the directory itself and the __init__.py file
  should this happen.  However, it will not be able to handle the .pyc and .pyo
  files as those contain timestamps.  Should other packages be released by
  upstream that use the backports module namespace, I recommend shipping a
  separate python-backports package with the things necessary for the namespace
  ( %{python_sitelib}/backports and %{python_sitelib}/backports/__init__.py* )
  then having all modules within this namespace require it.

APPROVED

Comment 9 Ian Weller 2013-02-12 21:02:21 UTC
New Package SCM Request
=======================
Package Name: python-backports-ssl_match_hostname
Short Description: The ssl.match_hostname() function from Python 3.2
Owners: ianweller
Branches: f17 f18 el6
InitialCC:

Comment 10 Gwyn Ciesla 2013-02-13 00:36:09 UTC
Git done (by process-git-requests).

Comment 11 Fedora Update System 2013-02-13 03:56:03 UTC
python-backports-ssl_match_hostname-3.2-0.2.a3.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/python-backports-ssl_match_hostname-3.2-0.2.a3.fc17

Comment 12 Fedora Update System 2013-02-13 03:56:15 UTC
python-backports-ssl_match_hostname-3.2-0.2.a3.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/python-backports-ssl_match_hostname-3.2-0.2.a3.fc18

Comment 13 Fedora Update System 2013-02-13 03:56:34 UTC
python-backports-ssl_match_hostname-3.2-0.2.a3.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/python-backports-ssl_match_hostname-3.2-0.2.a3.el6

Comment 14 Fedora Update System 2013-02-13 19:07:34 UTC
python-backports-ssl_match_hostname-3.2-0.2.a3.el6 has been pushed to the Fedora EPEL 6 testing repository.

Comment 15 Fedora Update System 2013-02-24 08:51:47 UTC
python-backports-ssl_match_hostname-3.2-0.2.a3.fc18 has been pushed to the Fedora 18 stable repository.

Comment 16 Fedora Update System 2013-02-24 08:55:33 UTC
python-backports-ssl_match_hostname-3.2-0.2.a3.fc17 has been pushed to the Fedora 17 stable repository.

Comment 17 Fedora Update System 2013-04-01 19:20:23 UTC
python-backports-ssl_match_hostname-3.2-0.2.a3.el6 has been pushed to the Fedora EPEL 6 stable repository.


Note You need to log in before you can comment on or make changes to this bug.