https://bugzilla.redhat.com/show_bug.cgi?id=1173773 --- Comment #9 from Adam Williamson (Fedora) <adamw+fedora@xxxxxxxxxxxxxxxxx> --- "I understand why you were confused by PSR-4: you forget the <vendor> part in the installation tree ;)" Huh. Well, no, I didn't forget it - I was sure I checked the source and it was just namespace IniGetWrapper . But now I look at it again and it's not. Odd. I'd say PSR-4 does not really require the library be namespaced by vendor. It only strictly requires it to have a namespace. It says the top-level namespace is "also known as a "vendor namespace"", but doesn't really make the leap to *requiring* the top-level namespace name to be a 'vendor'. It only strictly requires a top-level namespace and a class name. Quote: "A fully qualified class name has the following form: \<NamespaceName>(\<SubNamespaceNames>)*\<ClassName> The fully qualified class name MUST have a top-level namespace name, also known as a "vendor namespace". The fully qualified class name MAY have one or more sub-namespace names. The fully qualified class name MUST have a terminating class name." But we're not really discussing the review, at this point...:) On the github thing, frankly I find the policy extremely ambiguous, and I'm not really sure which way to read it. It says: "Github provides a mechanism to create tarballs on demand, either from a specific commit revision, or from a specific tag. If the upstream does not create tarballs for releases, you can use this mechanism to produce them. If the upstream does create tarballs you should use them as tarballs provide an easier trail for people auditing the packages." There's a thread on packaging list: https://lists.fedoraproject.org/pipermail/packaging/2014-September/010288.html I used to read it as requiring the use of a commit id for all github sources, but I'm really not so sure any more, as that seems a fairly absurd policy and I'm not sure it was ever the intent. The v1.0.1.tar.gz tarball comes from the releases page: https://github.com/bantuXorg/php-ini-get-wrapper/releases I really think the bit of the guideline about "If the upstream does not create tarballs" and "If the upstream does create tarballs" needs clarifying, I don't find it at all easy to interpret. I really kind of hate those commit ID tarballs and would much prefer to use the v1.0.1.tar.gz one if at all possible. I'll fix up the other bits, thanks (I haven't been following FPC changes lately, I did have a quick look at the review guidelines the other day and I don't think the license thing has been changed). -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list package-review@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/package-review