Bug 985622 - Review Request: rubygem-safe_yaml - Parse YAML safely
Product: Fedora
Classification: Fedora
Component: Package Review
Hardware/OS: All Linux
Priority: medium, Severity: medium
Assigned To: Josef Stribny
QA Contact: Fedora Extras Quality Assurance
Reported: 2013-07-17 18:44 EDT by Troy Dawson
Modified: 2016-01-04 00:51 EST
Fixed In Version: rubygem-safe_yaml-0.9.4-2.fc19
Last Closed: 2013-08-10 08:40:08 EDT
jstribny: fedora‑review+
limburgher: fedora‑cvs+

Description Troy Dawson 2013-07-17 18:44:20 EDT
Spec URL: http://tdawson.fedorapeople.org/review/rubygem-safe_yaml.spec
SRPM URL: http://tdawson.fedorapeople.org/review/rubygem-safe_yaml-0.9.4-1.fc20.src.rpm
The SafeYAML gem provides an alternative implementation of 
YAML.load suitable for accepting user input in Ruby applications. 
Unlike Ruby's built-in implementation of YAML.load, SafeYAML's 
version will not expose apps to arbitrary code execution exploits.

Fedora Account System Username: tdawson
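
An added illustration of the risk the description refers to (not part of the original report, and not the SafeYAML gem's own API): it uses Ruby's standard-library Psych, where `YAML.safe_load` plays the restricted-parser role. The `AccountRole` class, the helper names and both sample documents are constructed for this example.

```ruby
require 'yaml'

# Constructed stand-in for an application class that untrusted input
# should never be able to instantiate.
class AccountRole
  attr_reader :name
  def initialize(name = 'guest')
    @name = name
  end
end

# Constructed input: the !ruby/object tag asks the parser to build an AccountRole.
TAGGED_DOC = "--- !ruby/object:AccountRole\nname: admin\n"
PLAIN_DOC  = "name: admin\nports: [80, 443]\n"

# Legacy YAML.load behaviour, which revives tagged Ruby objects.
# Newer Psych exposes it as unsafe_load; older Psych only has load.
def legacy_load(text)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(text) : YAML.load(text)
end

# Restricted parse for untrusted input: plain scalars, arrays and hashes only.
# Returns [:ok, data] or [:rejected, reason] instead of raising.
def parse_untrusted(text)
  [:ok, YAML.safe_load(text)]
rescue Psych::DisallowedClass => e
  [:rejected, e.message]
end
```

With the legacy loader the object is allocated and its instance variables are set directly from the document, without `initialize` running, so constructor-side validation does not protect the class.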
Comment 1 Troy Dawson 2013-07-17 18:45:49 EDT
rpmlint output:
$ rpmlint rubygem-safe_yaml.spec /home/quake/rpmbuild/SRPMS/rubygem-safe_yaml-0.9.4-1.fc20.src.rpm /home/quake/rpmbuild/RPMS/noarch/rubygem-safe_yaml-0.9.4-1.fc20.noarch.rpm /home/quake/rpmbuild/RPMS/noarch/rubygem-safe_yaml-doc-0.9.4-1.fc20.noarch.rpm
rubygem-safe_yaml-doc.noarch: W: spelling-error Summary(en_US) yaml -> yam, yams, yawl
rubygem-safe_yaml-doc.noarch: W: spelling-error %description -l en_US yaml -> yam, yams, yawl
3 packages and 1 specfiles checked; 0 errors, 2 warnings.

(Not much I can do when the spell checker doesn't like yaml)
Comment 2 Josef Stribny 2013-07-22 08:39:10 EDT
* I understand that specs cannot be run at the moment, but perhaps it would be
  better to fix the spec file in such a way that it could run them when the deps
  are fulfilled.

  That probably requires running the specs in the right directory:

  pushd .%{gem_instdir}
  rspec -Ilib spec

  and requiring RSpec as BuildRequires:

  BuildRequires: rubygem(rspec)

  (both within your 0%{?enable_tests} condition).

Otherwise the spec matches the guidelines, rpmlint doesn't complain, package builds, installs and runs fine so I am APPROVING. Please, fix the issue above (or delete the conditions whatsoever) before pushing it and don't forget to bump the release. Thank you.
Comment 3 Troy Dawson 2013-07-22 10:19:52 EDT
Spec URL: http://tdawson.fedorapeople.org/review/rubygem-safe_yaml.spec
SRPM URL: http://tdawson.fedorapeople.org/review/rubygem-safe_yaml-0.9.4-2.fc19.src.rpm

- Updated BuildRequires (in 0%{?enable_tests} condition)
-- now has BuildRequires: rubygem(rspec)
- Update %check (in 0%{?enable_tests} condition)
-- Now does pushd / popd to correct directory for testing

Thanks for these comments.  You are correct, if I'm going to put that condition in, so we can easily do the tests when the requirements are there, I should get it correct.
Comment 4 Troy Dawson 2013-07-29 15:32:03 EDT
New Package SCM Request
Package Name: rubygem-safe_yaml
Short Description: Parse YAML safely
Owners: tdawson
Branches: f18 f19 el6
Comment 5 Gwyn Ciesla 2013-07-29 16:12:19 EDT
Git done (by process-git-requests).
Comment 6 Fedora Update System 2013-07-29 17:56:35 EDT
rubygem-safe_yaml-0.9.4-2.fc19 has been submitted as an update for Fedora 19.
Comment 7 Fedora Update System 2013-08-01 23:27:50 EDT
rubygem-safe_yaml-0.9.4-2.fc19 has been pushed to the Fedora 19 testing repository.
Comment 8 Fedora Update System 2013-08-10 08:40:08 EDT
rubygem-safe_yaml-0.9.4-2.fc19 has been pushed to the Fedora 19 stable repository.
