Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=818264 Stanislav Ochotnicky <sochotni@xxxxxxxxxx> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |182235(FE-Legal) --- Comment #4 from Stanislav Ochotnicky <sochotni@xxxxxxxxxx> 2012-05-03 08:02:41 EDT --- I was already halfway through the review so I'll post it as it is and then just list still applicable stuff in another comment Package Review ============== Key: - = N/A x = Pass ! = Fail ? = Not evaluated ==== Generic ==== [x]: MUST Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [x]: MUST Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: MUST %build honors applicable compiler flags or justifies otherwise. [x]: MUST All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines. [x]: MUST Buildroot is not present Note: Unless packager wants to package for EPEL5 this is fine [!]: MUST Package contains no bundled libraries. [x]: MUST Changelog in prescribed format. [x]: MUST Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) Note: Clean would be needed if support for EPEL is required [x]: MUST Sources contain only permissible code or content. [x]: MUST Each %files section contains %defattr if rpm < 4.4 Note: Note: defattr macros not found. They would be needed for EPEL5 [x]: MUST Macros in Summary, %description expandable at SRPM build time. [!]: MUST Package requires other packages for directories it uses. Package should probably require python (even though it is even in minimal install) [x]: MUST Package uses nothing in %doc for runtime. [x]: MUST Package is not known to require ExcludeArch. [x]: MUST Permissions on files are set properly. [x]: MUST Package does not contain duplicates in %files. [x]: MUST Spec file lacks Packager, Vendor, PreReq tags. [x]: MUST Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. Note: rm -rf would be needed if support for EPEL5 is required [-]: MUST Large documentation files are in a -doc subpackage, if required. [!]: MUST If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %doc. [!]: MUST License field in the package spec file matches the actual license. [x]: MUST Package consistently uses macros (instead of hard-coded directory names). [x]: MUST Package is named according to the Package Naming Guidelines. [x]: MUST Package does not generate any conflict. [x]: MUST Package obeys FHS, except libexecdir and /usr/target. [x]: MUST Package must own all directories that it creates. [x]: MUST Package does not own files or directories owned by other packages. [x]: MUST Package installs properly. [x]: MUST Requires correct, justified where necessary. [!]: MUST Rpmlint output is silent. rpmlint python-xlwt-0.7.4-1.fc18.src.rpm python-xlwt.src: W: invalid-license LGPL2.0 1 packages and 0 specfiles checked; 0 errors, 1 warnings. rpmlint python-xlwt-0.7.4-1.fc18.noarch.rpm python-xlwt.noarch: W: invalid-license LGPL2.0 python-xlwt.noarch: W: file-not-utf8 /usr/share/doc/python-xlwt-0.7.4/licences.py 1 packages and 0 specfiles checked; 0 errors, 2 warnings. [x]: MUST Sources used to build the package match the upstream source, as provided in the spec URL. /home/w0rm/work/projects/FedoraReview/818264/xlwt-0.7.4.tar.gz : MD5SUM this package : 231f4ff30894fc70d142b4ed1ba71cc0 MD5SUM upstream package : 231f4ff30894fc70d142b4ed1ba71cc0 [x]: MUST Spec file is legible and written in American English. [x]: MUST Spec file name must match the spec package %{name}, in the format %{name}.spec. [-]: MUST Package contains a SysV-style init script if in need of one. [x]: MUST File names are valid UTF-8. [-]: MUST Useful -debuginfo package or justification otherwise. [x]: SHOULD Reviewer should test that the package builds in mock. [!]: SHOULD If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: SHOULD Dist tag is present. [x]: SHOULD No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: SHOULD Final provides and requires are sane (rpm -q --provides and rpm -q --requires). [x]: SHOULD Package functions as described. [x]: SHOULD Latest version is packaged. [x]: SHOULD Package does not include license text files separate from upstream. [x]: SHOULD Patches link to upstream bugs/comments/lists or are otherwise justified. [x]: SHOULD SourceX is a working URL. [-]: SHOULD Description and summary sections in the package spec file contains translations for supported Non-English languages, if available. [x]: SHOULD Package should compile and build into binary rpms on all supported architectures. [!]: SHOULD %check is present and all tests pass. If possible checks available in tests/ directory should be run during %check [x]: SHOULD Packages should try to preserve timestamps of original installed files. [x]: SHOULD Spec use %global instead of %define. Issues: [!]: MUST Package contains no bundled libraries. There is antlr-python bundled: xlwt/antlr.py this needs to be unbundled, antlr-python should be put into Requires. Shouldn't be hard and it should keep working with few/no modifications of source code. Bring it up with upstream as well. Bundling is ugly practice [!]: SHOULD If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. As stated above a full license text of LGPLv2.1 should probably be included (if that is indeed the intention of upstream with utils.py). Get in touch with upstream about this. [!]: MUST If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %doc. It would be good to contact upstream and get them to include full text of LGPL in the tarballs. I also see no reason to have licenses in a Python file, but I don't particularly care about that :-) [!]: MUST License field in the package spec file matches the actual license. licences.py states that the project is a fork of pyExcelerator which was a weird BSD 4 clause that I have never seen and fedora wiki doesn't list it either. README.html and licenses.py added BSD (3 clause). And then there is xlwt/Utils.py which says LGPLv2+ I am blocking FE_LEGAL. I believe the 4-clause BSD license is most probably OK, but it needs to be added to https://fedoraproject.org/wiki/Licensing#Good_Licenses see: https://fedoraproject.org/wiki/Licensing/BSD Final License tag will most probably be something like: LGPLv2+ and BSD and BSD with attribution But we should wait on legal with this. [!]: MUST Rpmlint output is silent. rpmlint python-xlwt-0.7.4-1.fc18.src.rpm python-xlwt.src: W: invalid-license LGPL2.0 1 packages and 0 specfiles checked; 0 errors, 1 warnings. rpmlint python-xlwt-0.7.4-1.fc18.noarch.rpm python-xlwt.noarch: W: invalid-license LGPL2.0 python-xlwt.noarch: W: file-not-utf8 /usr/share/doc/python-xlwt-0.7.4/licences.py 1 packages and 0 specfiles checked; 0 errors, 2 warnings. LGPL2.0 is actually LGPLv2 (even though even that would not be correct in this case as stated above) licenses.py should be converted to UTF-8 prior to installing See: http://fedoraproject.org/wiki/Packaging/Guidelines#rpmlint Generated by fedora-review 0.2.0git External plugins: /usr/share/fedora-review/plugins/ext2.pl version: 1.0 -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ package-review mailing list package-review@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/package-review