Product: Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=881443

--- Comment #3 from Mohammed Safwat <Mohammed_ElAfifi@xxxxxxxxx> ---

Hi Eduardo,

Thank you for your thorough review. I've worked through all your comments as follows:

- I removed rm -rf $RPM_BUILD_ROOT in %install; it was initially generated by rpmdev-newspec.

- I'm skeptical about using sed -i -e 's/\r$//g' file for DOS to UNIX conversion as it changes the original file timestamp. The three-line way of doing this preserves the file timestamp.

- For licensing issues I've analyzed all the source files to see to which library (if any) each belongs. I've concluded the following results.

  3way.c, rc5.c: unidentified source
  bf_tab.h, blowfish.c, blowfish.h: publicly available source code from http://www.di-mgt.com.au/crypto.html
  Bra86.c, Bra.h, LzmaDec.h, LzmaDec.c, Types.h: from lzma-sdk-devel RPM package in Fedora
  des.c, des.h: publicly available source code from http://www.mobilec.org/
  gost.c: modified from the files provided by libmcrypt RPM package in Fedora
  idea.c: from the book Applied Cryptography, John Wiley & Sons, 1996, ISBN 0-471-11709-9, by Bruce Schneier (implements a patented algorithm)
  dunno.c, magiciso_is_shit.h, uif2iso.c: authentic sources (by uif2iso upstream themselves)
  loki91.c, loki.h: publicly available source code from http://www.mavi1.org/web_security/cryptography/aes-testing/loki/
  seal.c: publicly available source code from http://www.mavi1.org/web_security/cryptography/General/

  I've created a patch to modify the Makefile and related source files to reference the lzmasdk library (in lzma-sdk-devel library). In the case of the modified libmcrypt sources, I compared them with the sources from the libmcrypt SRPM and I found huge changes. This is something I'm going to consult upstream about. I might then appeal to the FPC for an exception for libmcrypt in this package.

- For uif2iso.exe, it's part of the original source zip archive and I don't know if I'm allowed to alter the original archive used to build the package. uif2iso.exe doesn't appear in any of the produced RPM packages either. Anyway, I added rm uif2iso.exe in %prep to make sure it no longer exists.

I've sent an email upstream asking them to include the text of the GPLv2+ license. I've also asked in the email if they can point me to the libraries from which they took the source files whose original source I couldn't recognize. Finally, I asked them about the version of libmcrypt they based their work and modifications on. I'm going to wait for a few days for their response. I'll then post the URLs for the fixed SPEC and SRPM files.

Thanks again for your efforts and the hints you provided.