Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Merge Review: cracklib https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=225659 ------- Additional Comments From jspaleta@xxxxxxxxx 2007-02-11 06:19 EST ------- review checklist for cracklib Sumary NOT APPROVED. See the notes below for full details. Attached to this report is a diff of the specfile which includes all of my suggested changes. The package owner should review the diff if there are items which can not be incorporated, bring it up as a comment to this report for discussion. NOTE: Not all the blockers have been address in the specfile diff. There are items which the package owner must address which are not obvious specfile fixes. + GOOD - BAD + rpmlint... see the notes at the end. I've rolled in changes into the spec from the rpmlint log info + packagename is fine + specfile name is fine + license check Artistic , matches source license for SOURCE0, and LICENSE file included in %doc spec is english-ish - md5sum check of sources 9a8c9eb26b48787c84024ac779f64bb2 cracklib-2.8.9.tar.gz from SOURCE0 URL 9a8c9eb26b48787c84024ac779f64bb2 /home/jspaleta/rpmbuild/SOURCES/cracklib-2.8.9.tar.gz md5sum check: ASSurnames.gz: OK cartoon.gz: OK common-passwords.txt.gz: OK Congress.gz: OK cracklib-2.8.9.tar.gz: OK cracklib-words.gz: FAILED Domains.gz: OK Dosref.gz: OK etc-hosts.gz: OK famous.gz: OK fast-names.gz: OK female-names.gz: OK Ftpsites.gz: OK Given-Names.gz: OK Jargon.gz: OK LCarrol.gz: OK male-names.gz: OK Movies.gz: OK myths-legends.gz: OK names.french.gz: OK names.hp.gz: OK other-names.gz: OK Paradise.Lost.gz: OK Python.gz: OK sf.gz: OK shakespeare.gz: OK surnames.finnish.gz: OK Trek.gz: OK d18e670e5df560a8745e1b4dede8f84f cracklib-words.gz from SOURCE1 URL 575a44add4db95b43c7abb46b307950f /home/jspaleta/rpmbuild/SOURCES/cracklib-words.gz + mock build as done by matt http://linux.dell.com/files/fedora/FixBuildRequires/mock-results-core/i386/cracklib-2.8.9-8.src.rpm/result/ - buildrequires removed gzip as exception provided by buildsys...fixed in specfile diff + shared libs exist and ldconfig is run in the correct script actions + not designed to be relocatable + no duplicates in the files section + file permissions look okay to me - static libs are currently included in the -devel package.. this is a no no unless you have a good reason + docs section looks fine - devel subpackage, includes .so and headerfiles... and a static .a which it should not, unless it really really needs to. + no gui apps + no obvious duplicate file/directory ownership BAD *cracklib-words.gz included sources does NOT match upstream according to the checksum. This is a little sticky, since the upstream file is not versioned nor in a versioned directory. if upstream continues to update this file its difficult to make a version comparison to some known state. *pass-file.gz doesn't appear to have an upstream URL even though its listed as a source, so there is no upstream to md5sum to check against. If there is no upstream for this file, this should be at least noted as a comment in the specfile. I don't think this its super critical considering this is a dictionary file and not the functional codebase itself... but it definitely should be noted in the specfile that its an inhouse creation and why it was created. This one I can't fix in my specfile diff because I don't know why that file is there. *gzip as a buildrequires, removed in specfile diff as a buildsys provided exception * is there a compelling reason to include the static libcrack.a in the -devel package? The guidelines frown very heavily on including static libraries, and there needs to be a compelling reason to do so. Removed from the package in the specfile diff *cracklib-dicts needs cracklib because of the symlinks in /usr/sbin/ ...fixed in specfile diff. rpmlint log from dell ...reviewer comments inline rpmlint on cracklib-2.8.9-8.i386.rpm W: cracklib summary-ended-with-dot A password-checking library. ... fixed in specfile diff E: cracklib tag-not-utf8 %changelog ... fixed in specfile diff W: cracklib one-line-command-in-%trigger /sbin/ldconfig ... not sure about this one rpmlint on cracklib-2.8.9-8.src.rpm W: cracklib summary-ended-with-dot A password-checking library. E: cracklib tag-not-utf8 %changelog E: cracklib non-utf8-spec-file cracklib.spec ... fixed in specfile diff W: cracklib mixed-use-of-spaces-and-tabs (spaces: line 102, tab: line 108) ... fixed in specfile diff rpmlint on cracklib-devel-2.8.9-8.i386.rpm W: cracklib-devel summary-ended-with-dot Development files needed for building applications which use cracklib. ... fixed in diff E: cracklib-devel tag-not-utf8 %changelog W: cracklib-devel no-documentation ... bogus not important rpmlint on cracklib-python-2.8.9-8.i386.rpm W: cracklib-python summary-ended-with-dot Python bindings for applications which use cracklib. ... fixed in diff E: cracklib-python tag-not-utf8 %changelog W: cracklib-python no-documentation rpmlint on cracklib-dicts-2.8.9-8.i386.rpm W: cracklib-dicts summary-ended-with-dot The standard CrackLib dictionaries. ... fixed in diff E: cracklib-dicts tag-not-utf8 %changelog E: cracklib-dicts only-non-binary-in-usr-lib ... bogus all the /usr/lib/ files are links back to /usr/share/ W: cracklib-dicts no-documentation W: cracklib-dicts dangling-relative-symlink /usr/sbin/packer cracklib-packer ... bogus as long as cracklib is installed W: cracklib-dicts dangling-relative-symlink /usr/sbin/mkdict cracklib-format ... bogus as long as cracklib is installed -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug, or are watching the QA contact. _______________________________________________ Fedora-package-review mailing list Fedora-package-review@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-package-review