Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=217259 Summary: Review Request: alsa-firmware - Firmware for several ALSA-supported sound card Product: Fedora Extras Version: devel Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: Package Review AssignedTo: nobody@xxxxxxxxxxxxxxxxx ReportedBy: rpm@xxxxxxxxxx QAContact: fedora-package-review@xxxxxxxxxx Spec URL: http://www.timj.co.uk/linux/specs/alsa-firmware.spec SRPM URL: http://www.timj.co.uk/linux/srpms/alsa-firmware-1.0.12-1.src.rpm Description: This package contains the firmware binaries for a number of sound cards. Some (but not all of these) require firmware loaders which are included in the alsa-tools-firmware package alsa-firmware has not been in Fedora since Fedora.us days, even though it is absolutely vital to make some soundcards usable. There are several possible issues: 1. licensing/distribution 2. compliance with Guidelines Let's take (1) first. Thorsten did a bit of background research on this and summarised in a private mail on 2 June 2006: ====================================================================== I took a closer look at the latest upstream package at ftp://ftp.alsa-project.org/pub/firmware/alsa-firmware-1.0.11.tar.bz2 It contains a file COPYING in the root with the GPL. And a README with --- LICENSE AND COPYRIGHT ===================== The files contained in this package is regarded as the example data for each alsa-tools program. Hence, their copyright and license follow basically to the definition of alsa-tools programs. The detailed license and copyright is found in README of each subdirectory. --- alsa-tools contains a lot of license files with the GPL (and once LGPL). Most subdirs contains README files with terms like --- COPYRIGHT ========= Copyright (c) 2003 Digigram SA <alsa@xxxxxxxxxxxx> Distributable under GPL. --- or --- COPYRIGHT ========= Copyright (c) RME Distributable under GPL. --- or --- COPYRIGHT ========= tascam_loader.ihx, tascam_loader.asm and an2131.asm: Available under GPL without restrictions. other firmware files: Copyright (c) 2003 Tascam / TEAC Corporation. Distributable under GPL. ====================================================================== This still stands with 1.0.12. So it appears to meet the requirements for Binary Firmware in the Guidelines. (It is also distributed with a number of other distros including Mandriva and OpenSUSE) 2. spot and Thorsten did some work with "file" to see if it met the requirement for "no executables". The most interesting one was: ./lib/firmware/mixart/miXart8.elf: ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (SYSV), statically linked, not stripped Now this does appear to really be an ELF binary, but it is not +x and it doesn't appear to run on Linux: $ chmod +x miXart8.elf $ ./miXart8.elf bash: ./miXart8.elf: cannot execute binary file so I think we can say that is truly is firmware, and it just happens that this device uses a piece of firmware in ELF format. a "file $(find . -type f) | grep -v -e ASCII -e Bourne -e shell" also throws up some other bits that aren't "data" like: ./lib/firmware/digiface_firmware.bin: DOS executable (device driver) ./lib/firmware/digiface_firmware_rev11.bin: DOS executable (device driver) ./lib/firmware/ea/3g_asic.fw: PGP encrypted data but these appear to just be "file" noise. They appear to be genuine firmware, that's not executed on the host, so they should be fine. (and 3g_asic is not PGP data; that's just what happens when you chuck lots of random stuff at "file"). Last CVS from fedora.us days, which is largely unchanged here: http://cvs.fedora.redhat.com/viewcvs/*checkout*/rpms/alsa-firmware/FC-5/alsa-firmware.spec?root=extras&rev=1.5 Package is listed on: http://www.fedoraproject.org/wiki/Extras/PackagesNoLongerInDevel?highlight=%28alsa-firmware%28 as "pending legal review" but there appears to be nothing happening and nobody tasked to do anything AFAICT. Given the above details, in the absence of a compelling reason, I don't see why this shouldn't be included in Fedora. I'm looking to spot here to make a call or, if some kind of legal review really is needed, make this block FE-LEGAL and get someone's attention about it. Note that I only have one piece of hardware that this firmware supports (Echo Audio Indigo DJ) so any feedback from anyone else welcome. I have marked the package as "noarch"; since it's containing firmware it should be. However, given that the firmware is "compiled" from big strings and there's some fiddly stuff going on, I would appreciate some md5sums of the generated firmware from someone with ppc/x86_64 architectures just to make sure that the end result is the same. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug, or are watching the QA contact. _______________________________________________ Fedora-package-review mailing list Fedora-package-review@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-package-review