On Mon, Dec 12, 2016 at 03:35:36PM +0100, Guido Aulisi wrote: > Hi, > I'm trying to complete an unofficial review > (https://bugzilla.redhat.com/show_bug.cgi?id=1401450) to check my > review skills :-), and I have some problems filling some MUST items > which fedora-review leaves blanks. > The items are: > > 1) Sources contain only permissible code or content: this is very hard > to check if source code is big enough; I'm quite sure that it doesn't > contain content, but checking all source code would be a very long > work. Can we rely on the license (GPLv3+)? Like others mentioned, licensecheck helps a lot. You cannot check every file of course, but files in a source tree usually fall into a few groups, e.g. all .c/.h files that have the same header, a few scripts in tools/ which have a different one, etc. Also, it is quite common to embed other projects or parts of other projects with a different license. So what I do is: try to get a sense of what groups of files there are in the project, and look at a sample from each group. There's a caveat: the License tag specifies the license of the binary package [1], so for example build scripts, configuration macros, tests that are only used during build, makefiles, are all things which can a stricter (or different) license than what License specifies. They have to be redistributable, but have no direct effect on the License tag. [1] https://fedoraproject.org/wiki/Licensing:FAQ?rd=Licensing/FAQ#What_is_.22effective_license.22_and_do_I_need_to_know_that_for_the_License:_tag.3F > > 2) Package does not generate any conflict: do I have to install all > Fedora packeges to check this or is there a better way to check that > (maybe a query to the package database)? fedora-review checks this for you. No need to do this by hand. > 3) Package is not known to require an ExcludeArch tag: I think I need > a scratch koji build to check this, but it was not done. Can I do a > scratch build myself? For noarch packages, you don't need to bother. Every fedora packager can do a scratch build: koji build --scratch rawhide package.src.rpm For compiled packages, it's good to do this check, although most of the time it's fine if you skip it: after all, if the package does not compile on some architecture, the maintainer of that package will not be able to build it, so they'll have either fix that or add ExcludeArch/ExclusiveArch anyway. > 4) Package complies to the Packaging Guidelines: this seems to me like > a catch all question, it summarizes all other items, doesn't it? Yeah. The checklist in fedora-review requires contains a few strange items. That is one. For others, the wording is rather strange: "Package is not known to require an ExcludeArch tag", "Package contains systemd file(s) if in need." ? Take them with a grain of salt. Zbyszek _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx