[Bug 509658] Review Request: h5py - A Python interface to the HDF5 library

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.


https://bugzilla.redhat.com/show_bug.cgi?id=509658


Jason Tibbitts <tibbs@xxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
             Blocks|                            |182235(FE-Legal)
         AssignedTo|nobody@xxxxxxxxxxxxxxxxx    |tibbs@xxxxxxxxxxx
               Flag|                            |fedora-review?




--- Comment #1 from Jason Tibbitts <tibbs@xxxxxxxxxxx>  2009-07-11 01:41:48 EDT ---
Indeed, this builds fine and rpmlint is silent.

In the source I see four files in the lzf/lzf directory which are dual-licensed
2-clause BSD and GPLv2+.  The h5py authors are supposed to choose one license
(or leave it as dual licensed if they want) but then I'm not at all sure how
the GPL makes its way into the rest of the code.  The lzf code gets linked
directly into h5.so.

I guess I can bother spot again and block FE-Legal.  My best guess is that the
license of this code ends up as "BSD and (BSD or GPLv2+)", with h5.so being
dual-licensed.

There's an entirely separate question of whether this package should be
including the lzf code at all.  It wouldn't be the first package (that honor
belongs to php-pecl-lzf) but it sure would be nice if there was some library
version of this that things could link against, especially since this code
currently has an open security issue.  Actually, I would recommend not
importing this package until that issue is fixed. 

I note that you package up all of the tests.  Is there any reason to do so? 
Shouldn't those tests be run at build time instead?

* source files match upstream.  sha256sum:         
   4edf35fa6c538c5e9132414061ac18258cf8a1a743fc16db94176657e382c6d7  
   h5py-1.2.0.tar.gz
* package meets naming and versioning guidelines.
* specfile is properly named, is cleanly written and uses macros consistently.
* summary is OK.                                                              
* description is OK.                                                          
* dist tag is present.
* build root is OK.
? unsure about the license tag.
* license is open source-compatible.
* license text included in package.
* latest version is being packaged.
* BuildRequires are proper.
* compiler flags are appropriate.
* %clean is present.
* package builds in mock (rawhide, x86_64).
* package installs properly.
* debuginfo package looks complete.
* rpmlint is silent.
* final provides and requires are sane:
   h5.so()(64bit)
   h5a.so()(64bit)
   h5d.so()(64bit)
   h5e.so()(64bit)
   h5f.so()(64bit)
   h5fd.so()(64bit)
   h5g.so()(64bit)
   h5i.so()(64bit)
   h5l.so()(64bit)
   h5o.so()(64bit)
   h5p.so()(64bit)
   h5r.so()(64bit)
   h5s.so()(64bit)
   h5t.so()(64bit)
   h5z.so()(64bit)
   utils.so()(64bit)
   h5py = 1.2.0-1.fc12
   h5py(x86-64) = 1.2.0-1.fc12
  =
   libgomp.so.1()(64bit)
   libhdf5.so.6()(64bit)
   libpython2.6.so.1.0()(64bit)
   numpy >= 1.0.3
   python(abi) = 2.6

? %check is not present, but a test suite is included.
* owns the directories it creates.
* doesn't own any directories it shouldn't.
* no duplicates in %files.
* file permissions are appropriate.
* no generically named files
* code, not content.
* documentation is small, so no -doc subpackage is necessary.
* %docs are not necessary for the proper functioning of the package.
* no headers.
* no pkgconfig files.
* no static libraries.
* no libtool .la files.

The package review process needs reviewers!  If you haven't done any package
reviews recently, please consider doing one.

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

_______________________________________________
Fedora-package-review mailing list
Fedora-package-review@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-package-review

[Index of Archives]     [Fedora Legacy]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]