Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Review Request: tor - Anonymizing overlay network for TCP (The onion router) https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175433 ------- Additional Comments From toshio@xxxxxxxxxxxxxxx 2006-09-25 01:13 EST ------- MD5Sum a1c6efad2d042b7b54da114852687df4 tor-0.1.0.15-setgroups.patch 33ce7155f545c4d30cb846d7017cc6c2 tor-0.1.1.23.tar.gz e1c9fd2bd8fb03c1f35028fbe7d19585 tor-0.1.1.23.tar.gz.asc 56c122286a73ed67308cf2864a246c7a tor.logrotate fa520d134658dc6919af24a1218b3676 tor.lsb c83c1cb67453e47bf710f899b9e58976 tor.spec 8cef32dff6452c22873846adc6041d86 tor-0.1.1.23-2.fc5x.src.rpm Cosmetic: * The gpg file is nice in that it alerts me to its presence on the upstream download site but unless I have the signing gpg key in my web of trust I'm still going to have to run around the internet verifying that the gpg signature comes from upstream and that the key that made it probably belongs to the developers by which time I've downloaded the file from the internet myself. So the case for including it is only so-so to me. (Not a blocker, though.) Rpmlint: *.src.rpm: W: tor strange-permission tor.lsb 0775 - Ignorable, this is the initscript for SysVinit. E: tor hardcoded-library-path in /usr/lib/lsb/install_initd E: tor hardcoded-library-path in /usr/lib/lsb/remove_initd - Ignorable, you're just calling chkconfig via the lsb standard names. W: tor macro-in-%changelog doc - Line 221 has a bare %doc instead of %%doc. W: tor mixed-use-of-spaces-and-tabs - Cosmetic. Rpmlint: tor: E: tor no-binary - Igorable as this is a meta-package. Romlint: tor-core: E: tor-core non-standard-gid /etc/tor/torrc toranon E: tor-core non-standard-gid /var/log/tor toranon E: tor-core non-standard-uid /var/lib/tor toranon E: tor-core non-standard-gid /var/lib/tor toranon - toranon is fine so these are ignorable. E: tor-core non-readable /etc/tor/torrc 0640 E: tor-core non-standard-dir-perm /var/log/tor 0730 E: tor-core non-standard-dir-perm /var/lib/tor 0700 - Should be fine as well. E: tor-core incoherent-logrotate-file /etc/logrotate.d/tor - rpmlint is confused because the package is named tor-core. This is ignorable. Rpmlint: tor-lsb: W: tor-lsb conffile-without-noreplace-flag /etc/rc.d/init.d/tor E: tor-lsb executable-marked-as-config-file /etc/rc.d/init.d/tor - As explained earlier, this is normal for init scripts. W: tor-lsb no-documentation - Documentation is in the main package. This is ignorable. E: tor-lsb non-standard-uid /var/run/tor toranon E: tor-lsb non-standard-gid /var/run/tor toranon - This is fine. W: tor-lsb hidden-file-or-dir /etc/tor/.have-lsb E: tor-lsb zero-length /etc/tor/.have-lsb W: tor-lsb non-conffile-in-etc /etc/tor/.have-lsb - The .have-lsb file seems to be a marker identifying which set of init scripts is installed for things like the logrotate script. So it's state of the system rather than configuration. So not marking it %config makes sense. But putting it in /var might be better than /etc. Also, is there a reason to make it hidden? If not, perhaps: /var/lib/tor/have-lsb would be better. E: tor-lsb postin-without-chkconfig /etc/rc.d/init.d/tor E: tor-lsb preun-without-chkconfig /etc/rc.d/init.d/tor - You're calling chkconfig by its lsb name, /usr/lib/lsb/install_initd so this is ignorable. W: tor-lsb incoherent-init-script-name tor - Once again, rpmlint is confused by the tor-lsb package name so this is ignorable. Good: * Source and signature matches upstream * Signature verified created by: #28988BF5: "Roger Dingledine <arma@xxxxxxx>" and is a valid signature for the source. * Package meets the Naming guidelines * License, BSD, is OSI approved and matches what is documented in the spec. * LICENSE is included in %files. * BuildRequires are listed. * Package has no locales; language files in documentation are marked with the appropriate languages. * No shared libraries. * Not relocatable. * Package owns all the directories it creates. * No duplicate files listed. * Permissions properly set. * Package has a proper %clean section. * Macros used consistently. * Package contains code. * Documentation fits comfortably into the main package. * Documentation does not affect package at runtime. * No libraries. * Not a GUI application. * Package owns all files and directories that it creates and no extraneous ones.* Scriptlets are sane. They use fedora-usermgmt to create and delete a system uid/gid. They install the tor init scripts but don't start the service. * Builds in mock on x86_64. Summary: Fixing the macro in changelog and moving /etc/tor/.have-lsb to /var/lib/tor/have_lsb are the only things I see to be fixed here. If you're okay with those changes I'll approve. I've gone through all the previous comments as well and I think there's a bit of tempest in a teapot going on here. There are some advantages to keeping the package unified. However, Enrico seems to have addressed nearly all of those with his tor meta package so that `yum install tor` does the expected thing on a default FC install with the added flexibility that installing tor-core with a different subpackage can make the package work for other init systems. There may be a more elegant way to solve the dependency problem but without any new suggestions, Enrico's approach seems to be the best we can do with what's available now. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. _______________________________________________ Fedora-package-review mailing list Fedora-package-review@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-package-review