Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=513345 --- Comment #5 from Matej Cepl <mcepl@xxxxxxxxxx> 2009-07-23 09:11:03 EDT --- + FAIL: rpmlint is silent on both source and binary package. bradford:rpmbuild$ rpmlint iwak-2.4-1.fc11.src.rpm iwak.src: E: description-line-too-long Detect the openssh keys affected by CVE-2008-0166 among authorized_keys. This is done by computing the fingerprints from iwak.src: E: description-line-too-long each authorized key and then comparing against the databaze of blacklisted fingerprints. 1 packages and 0 specfiles checked; 2 errors, 0 warnings. bradford:rpmbuild$ + GOOD: The package is named according to the Package Naming Guidelines . + GOOD: The spec file name matches the base package %{name}, in the format %{name}.spec. + GOOD: The package meets the Packaging Guidelines. + GOOD: The package is licensed with a Fedora approved license and meet the Licensing Guidelines. + GOOD: The License field in the package spec file matches the actual license. Well, it would be better if this GPL blurb was in the top of the script itself: iawk - detects the openssh authorized_keys affected by CVE-2008-0166 Copyright (C) 2009 Jan F. Chadima Copyright (C) 2009 Red Hat Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + GOOD: The spec file is written in American English. + GOOD: The spec file for the package is legible. + GOOD: The sources used to build the package matches the upstream source, as provided in the spec URL. SHA1: c9567e1590d75afa080102096b0ba19a49834f3a + GOOD: The package successfully compiles and build into binary rpms on at least one supported architecture. It is noarch -- koji scratch build is http://koji.fedoraproject.org/koji/taskinfo?taskID=1494766 + GOOD: builds on all architectures noarch + GOOD: All build dependencies are listed in BuildRequires. (builds in koji) + GOOD: The spec file MUST handle locales properly. No locale support. + GOOD: no libraries + GOOD: not relocatable + GOOD: A package owns all directories that it creates. + GOOD: A package must not contain any duplicate files in the %files listing. + GOOD: Permissions on files must be set properly. + GOOD: Each package have a %clean section. + GOOD: Each package consistently use macros. + GOOD: The package contains code, or permissable content. + GOOD: No large documentation files, so no a -doc subpackage. + GOOD: Files registered in %doc does not affect the runtime of the application. + GOOD: No header files. + GOOD: No static libraries. + GOOD: No pkgconfig(.pc) files. + GOOD: The package does not contain library files with a suffix. + GOOD: No devel packages. + GOOD: No .la libtool archives. + GOOD: Packages does not contain GUI applications. + GOOD: Packages does not own files or directories owned by other packages. + GOOD: Runs rm -rf $RPM_BUILD_ROOT in %install + GOOD: All filenames in rpm packages are valid UTF-8. + GOOD: Includes license text. Please fix or explain above show issues. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ Fedora-package-review mailing list Fedora-package-review@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-package-review