Bug 961237 - Review Request: sipxtapi - SIP stack and real-time media framework
Review Request: sipxtapi - SIP stack and real-time media framework
Status: NEW
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Nobody's working on this, feel free to take it
Fedora Extras Quality Assurance
:
Depends On:
Blocks: FE-DEADREVIEW
  Show dependency treegraph
 
Reported: 2013-05-09 04:16 EDT by Daniel Pocock
Modified: 2015-12-20 07:45 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
licensecheck.txt done by fedora-review tool (168.10 KB, text/plain)
2013-08-09 03:38 EDT, Michael Schwendt
no flags Details

  None (edit)
Description Daniel Pocock 2013-05-09 04:16:44 EDT
Spec URL: https://github.com/dpocock/sipXtapi3/blob/master/sipxtapi.spec.in
SRPM URL: https://www.resiprocate.org/files/pub/sipX/sipxtapi-3.3.0~test10.tar.gz
Description: sipXtapi is a C++ framework that makes it easy to construct SIP user agents, including softphones and telephony servers.  It includes a media framework that can be used to relay calls to local sound hardware, transcode and bridge multiple participants.
Fedora Account System Username: pocock
Comment 1 Christopher Meng 2013-05-09 04:24:10 EDT
IMO I think the spec is invalid.
Comment 2 Daniel Pocock 2013-05-09 04:28:04 EDT
https://www.resiprocate.org/files/pub/sipX/sipxtapi-3.3.0~test10.tar.gz

is not the final 3.3.0 release.

Rather, I have tracked the upstream project in a github fork to adapt the build system for packaging.

If the review identifies more changes needed in the spec file or upstream build system, those will be implemented before the final 3.3.0 tarball is created.  The real 3.3.0 tarball will then be ready for Fedora.

sipXtapi is not the same as reSIProcate.  They both provide an independent SIP stack implementation.  reSIProcate includes a conferencing library, librecon.  The conferencing library uses the media framework from sipxtapi.  That is why this tarball is on the reSIProcate web server.
Comment 3 Daniel Pocock 2013-05-09 04:30:20 EDT
Christopher, the spec I linked to is a template, it is meant to be parsed by autotools, it inserts the version number, package name, etc.  The template is kept in upstream git, the final generated spec file is produced automatically when generating a tarball.

The generated spec file is inside the tarball.  It builds cleanly with:

rpmbuild -tb sipxtapi-3.3.0~test10.tar.gz
Comment 4 Daniel Pocock 2013-08-06 17:01:55 EDT
I've placed a standalone copy of the latest spec file here:

  https://github.com/dpocock/sipxtapi-rpm/blob/master/sipxtapi.spec

and the latest tarball is available here:

  http://www.resiprocate.org/files/pub/sipX/
Comment 5 Christopher Meng 2013-08-07 00:54:10 EDT
Yes, because you give us a template, we can also refuse to review your package, who knows exactly the content is.

First glimpse at spec:

1. Drop

Vendor: SIPfoundry
Packager: Daniel Pocock <daniel@pocock.com.au>

2. It's better to add --disable-static to the configure.

3. Why providing a libs subpackage? Can't it be merged into main package?

4. I don't hope you include "test" in the version field.

5. I'm sorry in the past years I never use Group tag, and you use Group: Development/Libraries in 2 different subpackages, I think it's not perfect, recommend dropping it.
Comment 6 Daniel Pocock 2013-08-07 08:03:01 EDT
The template only inserts the @VERSION@ at build time.  We use a template to generate the spec file so that RPM users will always be supported automatically with every upstream tarball.  Most RPM users are very happy with this approach. 

Anyhow, I've now made all the changes you suggested and created another standalone spec file for you.  Can you please confirm this is OK to go into Fedora now?
Comment 7 Daniel Pocock 2013-08-07 08:04:53 EDT
Also, the ~test suffix is used on the tarball because it has not been tagged upstream yet.

We are waiting to make sure that the tarballs work for Fedora users before tagging and confirming the 3.3.0 release.

Once you confirm it is OK, the 3.3.0 tag will be created and that can be the first version uploaded into Fedora
Comment 8 Michael Schwendt 2013-08-07 08:14:55 EDT
This is unacceptable.

Provide a tested (!) src.rpm at a direct download location. Point at it in the "SRPM URL" fields of this ticket. You may use your fedorapeople.org web space for hosting the src.rpm and the spec file.

The spec file does not follow the packaging guidelines in various places. It even refers to a -libs subpackage that isn't built by the spec file.

Run rpmlint (or rpmlint -I for more helpful output) on the src.rpm *and* all
built rpms. Feel free to ignore obvious false positives in the report, but fix
anything else. Preferably add a comment here about whether/when you think what
rpmlint reports is correct or incorrect.
Comment 9 Christopher Meng 2013-08-07 08:29:37 EDT
Where is the new spec?

1. If it's the one mentioned above, please remember buming the release to higher one such as 1-->2.

And, release tag is invalid.

2. %package devel
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Summary: Header files for %name

Of course, this is not a headers only package.

Suggestion:

%package           devel
Summary:           Development files for %{name}
Requires:          %{name}-libs%{?_isa} = %{version}-%{release}

%description       devel
The %{name}-devel package contains libraries and header files for
developing applications that use %{name}.

3. Remove

BuildRequires: gcc-c++

4. Please don't use such:

%name-%version

use

%{name}-%{version}

instead.

5. License: LGPL

is wrong, should be

License: LGPLv2
Comment 10 Michael Schwendt 2013-08-07 08:45:24 EDT
There's more without looking too long...


> Requires: openssl >= 0.9.8

https://fedoraproject.org/wiki/Packaging:Guidelines#Explicit_Requires
and %{?_isa} would be missing anyway.


> BuildRequires: cppunit-devel

There are unit tests available? Any of them suitable for a %check section?


> Requires: %{name}-libs%{?_isa} = %{version}-%{release}

-libs is a wrong leftover here.


> %package apidoc

Typically, we call them -doc not -apidoc:
https://fedoraproject.org/wiki/Packaging:Guidelines#Documentation


> %{_datarootdir}

The package must not own /usr/share.
Comment 11 Daniel Pocock 2013-08-07 10:09:35 EDT
I've fixed those issues too, the -libs thing had been fixed but hadn't all been pushed to github

Can somebody please comment on the correct way to install the docs?

Which of these should contain the docs:

/usr/share/doc/sipxtapi/
/usr/share/doc/sipxtapi-doc-%{version}/

I notice it is currently installing to the former, if I have to use the latter, what is the preferred way of doing that in the spec file?
Comment 12 Michael Schwendt 2013-08-07 10:50:36 EDT
In general, docs get installed where _you_ install them or where the software package installs them.

However, if you use %doc in a %files list, it does two different things depending on what files you apply it to. For local files in the build dir, it copies them to

  %{_docdir}/%{name}-%{version}

whereas when applying %doc to absolute paths, it just marks files as being Documentation files (e.g. for RPM queries or --excludedocs installations).


For Fedora 20, things have changed, and %doc will copy to

  %{_docdir}/%{name}

without the trailing version. Check out:

  https://fedoraproject.org/wiki/Changes/UnversionedDocdirs


When using %doc for the files of a subpackage, %{name} will be the subpackage name. So, in a -doc subpackage, %doc installs into:

  %{_docdir}/%{name}-doc-%{version}

Unversioned for F20, of course.

Some packagers don't like the multiple doc dirs that are the result of using %doc in subpackages. They install everything themselves during %install into a single directory (versioned or not), and files below %_docdir are marked %doc automatically, too.

HTH
Comment 13 Daniel Pocock 2013-08-08 03:24:28 EDT
I've now revised the spec file again and released a new test tarball, it is available as an SRPM this time:

http://download.sipxtapi.org/files/pub/sipX/

$ rpmlint sipxtapi-3.3.0~test12-5.src.rpm
sipxtapi.src: W: spelling-error Summary(en_US) codecs -> codes, coders, code's

 - codec/codecs is the correct term

sipxtapi.src:53: W: macro-in-comment %check

 - the section is deliberately commented, the comments explain why

1 packages and 0 specfiles checked; 0 errors, 2 warnings.
Comment 14 Christopher Meng 2013-08-08 04:57:25 EDT
I strongly advice you to refresh your spec and srpm at the same time.

Issues:
=======
- Sources used to build the package match the upstream source, as provided in
  the spec URL.

- Package does not contain any libtool archives (.la)
  Note: sipxtapi : /usr/lib/sipxtapi/codecs/codec_g722.la sipxtapi :
  /usr/lib/sipxtapi/codecs/codec_gsm.la sipxtapi :
  /usr/lib/sipxtapi/codecs/codec_l16.la sipxtapi :
  /usr/lib/sipxtapi/codecs/codec_pcmapcmu.la sipxtapi :
  /usr/lib/sipxtapi/codecs/codec_tones.la
  See: http://fedoraproject.org/wiki/Packaging/Guidelines#StaticLibraries
- Large documentation must go in a -doc subpackage.
  Note: Documentation size is 1310720 bytes in 237 files.
  See: http://fedoraproject.org/wiki/Packaging/Guidelines#PackageDocumentation

License:
=======
Found:
     "BSD (4 clause) ISC", "GPL (v2 or later)", "Unknown or generated", "BSD
     (4 clause)", "*No copyright* zlib/libpng", "zlib/libpng", "ISC", "BSD (3
     clause)". 1389 files have unknown license. 

And:
=======

sipxtapi.i686: W: unused-direct-shlib-dependency /usr/lib/libsipXport.so.2.0.0 /lib/libm.so.6
sipxtapi.i686: W: unused-direct-shlib-dependency /usr/lib/libsipXsdp.so.1.0.0 /lib/libm.so.6
sipxtapi.i686: W: unused-direct-shlib-dependency /usr/lib/libsipXmedia.so.1.0.0 /lib/libgsm.so.1
sipxtapi.i686: W: unused-direct-shlib-dependency /usr/lib/libsipXmediaProcessing.so.1.0.0 /lib/libssl.so.10
sipxtapi.i686: W: unused-direct-shlib-dependency /usr/lib/libsipXmediaProcessing.so.1.0.0 /lib/libcrypto.so.10
sipxtapi.i686: W: unused-direct-shlib-dependency /usr/lib/libsipXmediaProcessing.so.1.0.0 /lib/libpcre.so.1
sipxtapi.i686: W: unused-direct-shlib-dependency /usr/lib/libsipXmediaProcessing.so.1.0.0 /lib/libdl.so.2
sipxtapi.i686: W: unused-direct-shlib-dependency /usr/lib/libsipXmediaProcessing.so.1.0.0 /lib/libpthread.so.0
sipxtapi.i686: W: unused-direct-shlib-dependency /usr/lib/libsipXmediaProcessing.so.1.0.0 /lib/libgsm.so.1
sipxtapi.i686: W: unused-direct-shlib-dependency /usr/lib/libsipXmediaProcessing.so.1.0.0 /lib/librt.so.1
sipxtapi.i686: W: unused-direct-shlib-dependency /usr/lib/libsipXmediaProcessing.so.1.0.0 /lib/libresolv.so.2
sipxtapi.i686: W: unused-direct-shlib-dependency /usr/lib/libsipXmediaProcessing.so.1.0.0 /lib/libm.so.6

Also:
========

sipxtapi: /usr/lib/sipxtapi/codecs/codec_g722.so
sipxtapi: /usr/lib/sipxtapi/codecs/codec_gsm.so
sipxtapi: /usr/lib/sipxtapi/codecs/codec_l16.so
sipxtapi: /usr/lib/sipxtapi/codecs/codec_pcmapcmu.so
sipxtapi: /usr/lib/sipxtapi/codecs/codec_tones.so
Comment 15 Michael Schwendt 2013-08-08 07:11:19 EDT
Cannot build the package yet and would need to fix it first:

| ERROR: SRPM file name was invalid.
| Message: 'Illegal character '~' encountered.'

https://fedoraproject.org/wiki/Packaging:NamingGuidelines#Common_Character_Set_for_Package_Naming
Comment 16 Daniel Pocock 2013-08-08 07:51:40 EDT
It builds fine on F19

I understand the ~ is not supported on older Fedora versions and RHEL6

Nonetheless, the ~ is used to denote pre-release tarballs such as this one.  The proper release (without a tilde in the name) will be made shortly, but before we release, we need to know if any essential changes are needed to support Fedora.

When it is officially uploaded into Fedora, we will upload the final release tarball

Do you have an F19 or rawhide environment where you can test the tarball?
Comment 17 Michael Schwendt 2013-08-08 08:19:57 EDT
> It builds fine on F19

No, it doesn't. Perhaps a plain rpmbuild succeeds, but we're using Mock and/or build servers. Plague rejects the src.rpm. I've changed the src.rpm and submitted another build job.

  Name: sipxtapi
  Version: 3.3.0

  %global tartopdir %{name}-%{version}~test12

  Source: http://download.sipxtapi.org/files/pub/sipX/%{tartopdir}.tar.gz

  %setup -q -n %{tartopdir}

Have you submitted a scratch-build in the Fedora Build System (koji) yet?
Comment 18 Michael Schwendt 2013-08-08 09:32:48 EDT
$ rpmls -p sipxtapi-doc-3.3.0-5.x86_64.rpm|grep ^d
drwxr-xr-x  /usr/share/doc/sipxtapi/sipXcallLib
drwxr-xr-x  /usr/share/doc/sipxtapi/sipXmediaAdapterLib
drwxr-xr-x  /usr/share/doc/sipxtapi/sipXmediaLib
drwxr-xr-x  /usr/share/doc/sipxtapi/sipXportLib
drwxr-xr-x  /usr/share/doc/sipxtapi/sipXsdpLib
drwxr-xr-x  /usr/share/doc/sipxtapi/sipXtackLib

Directory /usr/share/doc/sipxtapi is missing in this package.
https://fedoraproject.org/wiki/Packaging:UnownedDirectories

$ rpm -qpR sipxtapi-doc-3.3.0-5.x86_64.rpm|grep -v rpm
$


> drwxr-xr-x  /usr/share/doc/sipxtapi-devel-3.3.0
> -rw-r--r--  /usr/share/doc/sipxtapi-devel-3.3.0/COPYING

You don't need to duplicate the license file in the -devel package, because that package depends on the base package already, which includes the same file:
https://fedoraproject.org/wiki/Packaging:LicensingGuidelines#Subpackage_Licensing

drwxr-xr-x  /usr/share/doc/sipxtapi-3.3.0
-rw-r--r--  /usr/share/doc/sipxtapi-3.3.0/COPYING


$ rpmls -p sipxtapi-3.3.0-5.x86_64.rpm |grep \.a$
-rwxr-xr-x  /usr/lib64/sipxtapi/codecs/codec_g722.la
-rwxr-xr-x  /usr/lib64/sipxtapi/codecs/codec_l16.la
-rwxr-xr-x  /usr/lib64/sipxtapi/codecs/codec_pcmapcmu.la
-rwxr-xr-x  /usr/lib64/sipxtapi/codecs/codec_tones.la

Does it use these libtool archives at run-time? (for example, if it uses an old libtool dlopen instead of the normal dlopen)

Else delete them. It's covered in an unrelated section here:
https://fedoraproject.org/wiki/Packaging:Guidelines#Packaging_Static_Libraries


So much about the test-builds.

[...]


> License: LGPL

LGPLv2 - https://fedoraproject.org/wiki/Licensing:Main#SoftwareLicenses

If you could submit a comment here in the review ticket with two valid "Spec URL:" and "SRPM URL:" fields, you could run the "fedora-review" tool and point it at this ticket.

In the source code there are files with a different non-LGPL license header. What is known about that?


> BuildRequires: gsm-devel

Build log says:

  checking for libgsm >= 1.0.10... not found
  Codec iLBC was disabled
  Codec G.726 was disabled

Package doesn't depend on libgsm either.


> BuildRequires: xerces-c-devel

Seems unused, too. Please verify.


> configure: WARNING: no wx-config found - wxWidgets disabled

?


> W: macro-in-comment %check

"rpmlint -i …" gives a hint. Since you don't want a %check section, either delete it completely, or when commenting it out use a double-%: #%%check
That disables the macro.


> %defattr(-, root, root, -)

Is _really_ not needed anymore since RPM 4.4. ;)
Comment 20 Michael Schwendt 2013-08-09 03:38:45 EDT
Created attachment 784745 [details]
licensecheck.txt done by fedora-review tool

"fedora-review -b 961237" complains about a few things, not limited to the src.rpm containing a spec file different from the separately linked spec file.

The license headers it finds:

  *No copyright* zlib/libpng
  BSD (3 clause)
  BSD (4 clause)
  BSD (4 clause) ISC
  GPL (v2 or later)
  ISC
  Unknown or generated
  zlib/libpng

[...]

> - Package does not contain duplicates in %files.
>   Note: warning: File listed twice: /usr/share/doc/sipxtapi/sipXcallLib
>   See: http://fedoraproject.org/wiki/Packaging/Guidelines#DuplicateFiles

Indeed. Change the following from

  %files doc
  %doc %{_docdir}/%{name}/*
  %{_docdir}/%{name}/

to:

  %files doc
  %{_docdir}/%{name}/

What you wanted would be:

  %files doc
  %{_docdir}/%{name}/*
  %dir %{_docdir}/%{name}

Files below %_docdir are marked %doc automatically, btw.

[...]

Rpmlint (installed packages)
----------------------------
# rpmlint sipxtapi-doc sipxtapi sipxtapi-devel
sipxtapi-doc.x86_64: W: spelling-error %description -l en_US softphones -> soft phones, soft-phones, sousaphones
sipxtapi.x86_64: W: unused-direct-shlib-dependency /usr/lib64/libsipXmediaProcessing.so.1.0.0 /lib64/libssl.so.10
sipxtapi.x86_64: W: unused-direct-shlib-dependency /usr/lib64/libsipXmediaProcessing.so.1.0.0 /lib64/libcrypto.so.10
sipxtapi.x86_64: W: unused-direct-shlib-dependency /usr/lib64/libsipXmediaProcessing.so.1.0.0 /lib64/libpcre.so.1
sipxtapi.x86_64: W: unused-direct-shlib-dependency /usr/lib64/libsipXmediaProcessing.so.1.0.0 /lib64/libdl.so.2
sipxtapi.x86_64: W: unused-direct-shlib-dependency /usr/lib64/libsipXmediaProcessing.so.1.0.0 /lib64/libpthread.so.0
sipxtapi.x86_64: W: unused-direct-shlib-dependency /usr/lib64/libsipXmediaProcessing.so.1.0.0 /lib64/libgsm.so.1
sipxtapi.x86_64: W: unused-direct-shlib-dependency /usr/lib64/libsipXmediaProcessing.so.1.0.0 /lib64/librt.so.1
sipxtapi.x86_64: W: unused-direct-shlib-dependency /usr/lib64/libsipXmediaProcessing.so.1.0.0 /lib64/libresolv.so.2
sipxtapi.x86_64: W: unused-direct-shlib-dependency /usr/lib64/libsipXsdp.so.1.0.0 /lib64/libm.so.6
sipxtapi.x86_64: W: unused-direct-shlib-dependency /usr/lib64/libsipXmedia.so.1.0.0 /lib64/libgsm.so.1
sipxtapi.x86_64: W: unused-direct-shlib-dependency /usr/lib64/libsipXport.so.2.0.0 /lib64/libm.so.6
sipxtapi-devel.x86_64: W: no-documentation
3 packages and 0 specfiles checked; 0 errors, 13 warnings.
# echo 'rpmlint-done:'
Comment 21 Daniel Pocock 2013-08-25 03:16:09 EDT
On 09/08/13 09:38, bugzilla@redhat.com wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=961237
>
>
>
> --- Comment #20 from Michael Schwendt <bugs.michael@gmx.net> ---
> Created attachment 784745 [details]
>   --> https://bugzilla.redhat.com/attachment.cgi?id=784745&action=edit
> licensecheck.txt done by fedora-review tool
>
> "fedora-review -b 961237" complains about a few things, not limited to the
> src.rpm containing a spec file different from the separately linked spec file.
>
> The license headers it finds:
>
>   *No copyright* zlib/libpng

That appears to be a false positive
https://github.com/sipXtapi/sipXtapi/blob/master/sipXcallLib/examples/include/nss/zlib.h
contains a complete copyright and license info

libpng does not appear to be included in the tree, it is used by some of
the examples but is not a dependency of the binary packages.


>   BSD (3 clause)
>   BSD (4 clause)
>   BSD (4 clause) ISC

These all appear compatible with the stated LGPL-2 license except for BSD 4 clause

I checked the 4-clause BSD code

It is code that is covered by the UCB statement retrospectively
relicensing all their code as 3-clause, specifically:

ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change

>   GPL (v2 or later)
Some source files in the examples have a GPL license.  They are not
compiled or distributed in the binary RPMs, the package works without them.

I've added comments about all of these extra licenses to the spec file, can you please look at it in github and see if the comments are sufficient to explain this package?

https://github.com/dpocock/sipxtapi-rpm/blob/master/sipxtapi.spec

>   ISC
>   Unknown or generated
>   zlib/libpng
>
> [...]
>
>> - Package does not contain duplicates in %files.
>>   Note: warning: File listed twice: /usr/share/doc/sipxtapi/sipXcallLib
>>   See: http://fedoraproject.org/wiki/Packaging/Guidelines#DuplicateFiles
> Indeed. Change the following from
>
>   %files doc
>   %doc %{_docdir}/%{name}/*
>   %{_docdir}/%{name}/
>
> to:
>
>   %files doc
>   %{_docdir}/%{name}/

Fixed

> What you wanted would be:
>
>   %files doc
>   %{_docdir}/%{name}/*
>   %dir %{_docdir}/%{name}
>
> Files below %_docdir are marked %doc automatically, btw.
>
> [...]
>
> Rpmlint (installed packages)
> ----------------------------
> # rpmlint sipxtapi-doc sipxtapi sipxtapi-devel
> sipxtapi-doc.x86_64: W: spelling-error %description -l en_US softphones -> soft
> phones, soft-phones, sousaphones
> sipxtapi.x86_64: W: unused-direct-shlib-dependency
> /usr/lib64/libsipXmediaProcessing.so.1.0.0 /lib64/libssl.so.10
> sipxtapi.x86_64: W: unused-direct-shlib-dependency
> /usr/lib64/libsipXmediaProcessing.so.1.0.0 /lib64/libcrypto.so.10
> sipxtapi.x86_64: W: unused-direct-shlib-dependency
> /usr/lib64/libsipXmediaProcessing.so.1.0.0 /lib64/libpcre.so.1
> sipxtapi.x86_64: W: unused-direct-shlib-dependency
> /usr/lib64/libsipXmediaProcessing.so.1.0.0 /lib64/libdl.so.2
> sipxtapi.x86_64: W: unused-direct-shlib-dependency
> /usr/lib64/libsipXmediaProcessing.so.1.0.0 /lib64/libpthread.so.0
> sipxtapi.x86_64: W: unused-direct-shlib-dependency
> /usr/lib64/libsipXmediaProcessing.so.1.0.0 /lib64/libgsm.so.1
> sipxtapi.x86_64: W: unused-direct-shlib-dependency
> /usr/lib64/libsipXmediaProcessing.so.1.0.0 /lib64/librt.so.1
> sipxtapi.x86_64: W: unused-direct-shlib-dependency
> /usr/lib64/libsipXmediaProcessing.so.1.0.0 /lib64/libresolv.so.2
> sipxtapi.x86_64: W: unused-direct-shlib-dependency
> /usr/lib64/libsipXsdp.so.1.0.0 /lib64/libm.so.6
> sipxtapi.x86_64: W: unused-direct-shlib-dependency
> /usr/lib64/libsipXmedia.so.1.0.0 /lib64/libgsm.so.1
> sipxtapi.x86_64: W: unused-direct-shlib-dependency
> /usr/lib64/libsipXport.so.2.0.0 /lib64/libm.so.6
> sipxtapi-devel.x86_64: W: no-documentation
> 3 packages and 0 specfiles checked; 0 errors, 13 warnings.
> # echo 'rpmlint-done:'
>

spelling-error seems odd.  If we can't use "softphone", then words like
"software" should become "soft-ware" perhaps

I've suppressed spelling-error and no-documentation

Do the other issues definitely need to be fixed upstream or can the package be accepted despite the warnings?

The other issues require further work on the autotools build system.  It is quite complicated because there are many custom macros and multiple library projects.  It appears to just link some libs (e.g. libssl) for anything, and it needs to be changed to link those libs selectively when building libs that depend on them.
Comment 22 Michael Schwendt 2013-08-25 05:46:02 EDT
> *No copyright* zlib/libpng

That refers to the  sipXportLib/include/xmlparser/tinystr.*  files. The fedora-review tool saves a long list licensecheck.txt with the full paths.


> spelling-error seems odd

Don't worry too much about them. It's normal that there may be false positives.


> the warnings?

They are just warnings, not MUST-fix errors. Also see:
https://fedoraproject.org/wiki/Common_Rpmlint_issues
Comment 23 Daniel Pocock 2013-08-25 10:58:38 EDT
(In reply to Michael Schwendt from comment #22)
> > *No copyright* zlib/libpng
> 
> That refers to the  sipXportLib/include/xmlparser/tinystr.*  files. The
> fedora-review tool saves a long list licensecheck.txt with the full paths.


I ran fedora-review and it gave me an empty licensecheck.txt - maybe I'm not running it correctly

Anyhow, I've looked at those files, it is clear who the authors are, even though they didn't write the copyright line in the normal way.

I understand that packagers can't modify licenses for obvious reasons, but I will look at this as an upstream issue and arrange to have the author names inserted more explicitly above their license block and zlib listed in the license comments.  The authors clearly identify themselves in their documentation/web site, under Contributors:
http://www.grinninglizard.com/tinyxmldocs/index.html

The zlib license itself is OK, it is GPL compatible:
http://www.gnu.org/licenses/license-list.html#ZLib
and therefore the package is OK as an LGPLv2 license

Is that the only other thing I need to deal with upstream to satisfy license/copyright check?

Note You need to log in before you can comment on or make changes to this bug.