Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=689056 --- Comment #5 from Sergio Belkin <sebelk@xxxxxxxxx> 2011-08-20 20:20:20 EDT --- Hi Mark [ rpmlint spec file ] rpmlint -i -v maldetect.spec maldetect.spec:16: W: mixed-use-of-spaces-and-tabs (spaces: line 16, tab: line 1) The specfile mixes use of spaces and tabs for indentation, which is a cosmetic annoyance. Use either spaces or tabs for indentation, not both. maldetect.spec: I: checking-url http://www.rfxn.com/downloads/maldetect-current.tar.gz (timeout 10 seconds) 0 packages and 1 specfiles checked; 0 errors, 1 warnings. [A]: Fix it ;) [ rpmlint SRPM file ] rpmlint -i -v /home/sergio/rpmbuild/SRPMS/maldetect-1.4.0-1.fc15.src.rpm maldetect.src: I: checking maldetect.src: W: spelling-error Summary(en_US) malware -> Waldemar The value of this tag appears to be misspelled. Please double-check. maldetect.src: W: spelling-error %description -l en_US malware -> Waldemar The value of this tag appears to be misspelled. Please double-check. maldetect.src: I: checking-url http://www.rfxn.com/projects/linux-malware-detect/ (timeout 10 seconds) maldetect.src:16: W: mixed-use-of-spaces-and-tabs (spaces: line 16, tab: line 1) The specfile mixes use of spaces and tabs for indentation, which is a cosmetic annoyance. Use either spaces or tabs for indentation, not both. maldetect.src: I: checking-url http://www.rfxn.com/downloads/maldetect-current.tar.gz (timeout 10 seconds) maldetect.src: W: file-size-mismatch maldetect-current.tar.gz = 758891, http://www.rfxn.com/downloads/maldetect-current.tar.gz = 762399 The size of the file in the package does not match the size indicated by peeking at its URL. Verify that the file in the package has the intended contents. 1 packages and 0 specfiles checked; 0 errors, 4 warnings. [B]: Fix indentation issue [ rpmlint rpm files ] maldetect.noarch: I: checking maldetect.noarch: W: spelling-error Summary(en_US) malware -> Waldemar The value of this tag appears to be misspelled. Please double-check. maldetect.noarch: W: spelling-error %description -l en_US malware -> Waldemar The value of this tag appears to be misspelled. Please double-check. maldetect.noarch: I: checking-url http://www.rfxn.com/projects/linux-malware-detect/ (timeout 10 seconds) maldetect.noarch: E: executable-marked-as-config-file /etc/cron.daily/maldetect Executables must not be marked as config files because that may prevent upgrades from working correctly. If you need to be able to customize an executable, make it for example read a config file in /etc/sysconfig. maldetect.noarch: E: incorrect-fsf-address /usr/share/doc/maldetect-1.4.0/COPYING.GPL The Free Software Foundation address in this file seems to be outdated or misspelled. Ask upstream to update the address, or if this is a license file, possibly the entire file with a new copy available from the FSF. maldetect.noarch: E: zero-length /usr/share/maldetect/ignore_sigs maldetect.noarch: E: incorrect-fsf-address /var/lib/maldetect/inotify/tlog The Free Software Foundation address in this file seems to be outdated or misspelled. Ask upstream to update the address, or if this is a license file, possibly the entire file with a new copy available from the FSF. maldetect.noarch: W: no-manual-page-for-binary maldet Each executable in standard binary directories should have a man page. [C]: Fix FSF address take a look at http://www.fsf.org/about/contact/ and eg /usr/share/doc/kdeaccessibility-4.6.5/COPYING [:=] MUST: The package must be named according to the Package Naming Guidelines. [+] MUST: The spec file name must match the base package %{name} [:=] MUST: The package must meet the Packaging Guidelines. [FIXME?: covers this list and more] [+] MUST: The package must be licensed with a Fedora approved license and meet the Licensing Guidelines. [+] MUST: The License field in the package spec file must match the actual license. [+] MUST: If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package must be included in %doc. [:=] MUST: The spec file must be written in American English. [+] MUST: The spec file for the package MUST be legible. [:=] MUST: The sources used to build the package must match the upstream source, [+] MUST: The package must successfully compile and build into binary rpms on at least one supported architecture. [+] MUST: All build dependencies must be listed in BuildRequires [] MUST: The spec file MUST handle locales properly. This is done by using the %find_lang macro. [+] MUST: A package must own all directories that it creates. If it does not create a directory that it uses, then it should require a package which does create that directory. [+] MUST: A package must not contain any duplicate files in the %files listing. [+] MUST: Permissions on files must be set properly. Executables should be set with executable permissions, for example. Every %files section must include a %defattr(...) line. [+] MUST: Each package must consistently use macros, as described in the macros section of Packaging Guidelines. [+] MUST: The package must contain code, or permissible content. This is described in detail in the code vs. content section of Packaging Guidelines. [+] MUST: If a package includes something as %doc, it must not affect the runtime of the application. [+] MUST: Packages must not own files or directories already owned by other packages. [+] MUST: All filenames in rpm packages must be valid UTF-8. SHOULD Items: [:=] SHOULD: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [:=] SHOULD: The description and summary sections in the package spec file should contain translations for supported Non-English languages, if available. [+] SHOULD: The reviewer should test that the package builds in mock. [+] SHOULD: The reviewer should test that the package functions as described. [+] SHOULD: Packages should try to preserve timestamps of original installed files. [:=] It has not a manpage for executable file, could it possible? contact to the upstream if you can. [D] Please coud you contact to upstream to determine what kind of license should be applied to the entire package as Martin Gieseking suggested? If upstream doesn't answer so let license be GPLv2 + GPLv2+ [E]: The comment in the specfile: It's a bit bad-written :) and also I think that "hardcoding" the current md5sum is not a good idea. # The author does not provide a way of download a specifc version. # The md5sum of the tarball in this SRPM will differ becasue the signatures # included are constantly updated. To confirm this tarball is the same as the # one you just donwloaded, the line below delete the signatures and generate # the md5sum. The md5sum should be b7a28e4121e4ba0655de143a38aa3ed4 You may add something like this instead: # The author does not provide a way of download a specifc version. # The md5sum of the tarball in this SRPM will differ becasue the signatures # included are constantly updated. In order to confirm this tarball is the same # as the one you just donwloaded from Source0, run the line below which deletes # the signatures and generates the md5sum. You should do it the same for #tarball of SRPM package. Both md5sums should be equal. Please fix each issue labeled with letters and then come back and maldetect will be approved :) But there are a serious issue unless I didn't understand well how this program works, look at this: My /etc/fstab looks as follows: # # /etc/fstab # Created by anaconda on Tue Jul 12 19:45:18 2011 # # Accessible filesystems, by reference, are maintained under '/dev/disk' # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info # /dev/mapper/vg_sebelk-root / ext4 defaults 1 1 #UUID=1cfa489a-8252-4b54-b740-2b0344474e2e /boot ext4 defaults 1 2 /dev/sda3 /boot ext4 defaults 1 2 /dev/mapper/vg_sebelk-LogVol02 /home ext4 defaults 1 2 /dev/mapper/vg_sebelk-LogVol01 swap swap defaults 0 0 tmpfs /dev/shm tmpfs defaults 0 0 devpts /dev/pts devpts gid=5,mode=620 0 0 sysfs /sys sysfs defaults 0 0 proc /proc proc defaults 0 0 maldet -a /etc/fstab Linux Malware Detect v1.4.0 (C) 2002-2011, R-fx Networks <proj@xxxxxxxx> (C) 2011, Ryan MacDonald <ryan@xxxxxxxx> inotifywait (C) 2007, Rohan McGovern <rohan@xxxxxxxxxxxxxx> This program may be freely redistributed under the terms of the GNU GPL v2 maldet(2809): {scan} signatures loaded: 8114 (6257 MD5 / 1857 HEX) maldet(2809): {scan} building file list for /etc/fstab, this might take awhile... maldet(2809): {scan} file list completed, found 1 files... maldet(2809): {scan} 1/1 files scanned: 0 hits 0 cleaned maldet(2809): {scan} scan completed on /etc/fstab: files 1, malware hits 1, cleaned hits 0 [NOTE FROM MYSELF: WHAT????] maldet(2809): {scan} scan report saved 'maldet --report 082011-2109.2809' I've edited /etc/maldetect.conf and set quar_hits to 1 And guess what? maldetect put my innocent fstab under qurantine!!! I've tested with a lot of other innocent files and did it the same. Please tell me if we should let come in this package in Fedora... Did I miss something? Take care. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ package-review mailing list package-review@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/package-review