Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.

Summary: Review Request: nikto - Web server scanner
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239097

------- Additional Comments From faucamp@xxxxxxxxxx 2007-05-28 11:39 EST -------

Ok, doing review:

MUST items:
* rpmlint is silent
* package and spec file are named well
* package meets Packaging Guidelines
* package contains code licensed under the GPL, license file included
* package contains code NOT licensed under the GPL. The following is the license contained in the *.db files:

  # This file may only be distributed and used with the full Nikto package.
  # This file may not be used with any software product without written permission from CIRT, Inc.
  # (c) 2001-2007 CIRT, Inc., All Rights Reserved.
  # By sending any database updates to CIRT, Inc., it is assumed that you
  # grant CIRT, Inc., the unlimited, non-exclusive right to reuse, modify and relicense the changes.

  IMO this is acceptable, since the content (the plugin DBs) is freely distributable along with (and for use with) the nikto package (however, IANAL), but it does impact the license of the RPM as a whole (see next point)
X* "License" field in spec is MOSTLY correct (applies to code, not the content)
!* license file is included in %doc (might want to add a second one, see NOTES below)
* spec file is written in American English and legible
* package source md5sum matches upstream source:
  d70107deb225489ecf20e2b46684674e  nikto-1.36.tar.bz2
* package is noarch, builds successfully
* BuildRequires are good
X* Unnecessary "Requires" entry (see comment #6)
* package handles locales properly (no locales)
* package has no need for %post and %postun sections
* package is not relocatable
* package owns directories it creates
* no duplicate entries in %files
* file permissions are good
* proper %clean section
* spec file macros are used consistently
!* package contains GPL'ed code and content under a different license
* no -doc, -devel subpackages necessary
X- some docs are missing (see NOTES below)
* contents in %doc not required for runtime functionality of application

SHOULD items:
* package builds in mock (fc6/i386)
* package functions properly

NOTES:

Patches:
Do note that the "nikto-1.36-config.patch" patch hardcodes the package's config file location. There at least needs to be a comment about this in the spec; if someone moved %{_sysconfdir} they would want to know why the package won't work anymore...

What I would recommend, however, is removing the patch, and replacing it with sed scripts in %prep, making use of RPM's macros.
For example, the following line (if used in %prep) would do what the first entry in the patch does, except that the package just needs to be rebuilt (without modification) if any dir locations ever change:

  sed -i "s:\$CFG{configfile}=\"config.txt\":\$CFG{configfile}=\"%{_sysconfdir}/nikto/config\":" nikto.pl

Docs:
Maybe include the README_plugins.txt file? It might be outdated, but it's the only plug-in documentation in the package...

License:
As the content is licensed under a GPL-incompatible license, and CIRT only allows for the distribution of the necessary plugin content along with the FULL nikto package, you will have to change the "License" field of the RPM to something like "Custom, see LICENSE.txt" (or whatever file is appropriate). Also, I would recommend adding a "database-license.txt" (or something similar) file containing the license information to %doc (the license is in the header of each .db file). rpmlint is going to moan about such a "custom" License field entry, but it's unavoidable here.

Other than these points, the package looks good. Fix the mentioned issues (or argue against them ;-) ), and I'll approve the package.

--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email

_______________________________________________
Fedora-package-review mailing list
Fedora-package-review@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-package-review
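The sed-in-%prep approach the reviewer suggests has one practical weakness compared with a patch: `patch` aborts the build when the context no longer matches, whereas `sed -i` silently does nothing. The following is an added example (not code from the review, from the nikto packager, or from nikto itself) showing the substitution wrapped in a check that fails the build if the expected line is not present afterwards. It assumes the source line looks like the one quoted in the review and uses a plain `sysconfdir` argument where a spec file would pass rpm's `%{_sysconfdir}`; the nikto.pl fragment is constructed for the example.

```shell
#!/bin/sh
# Added example: emulate the %prep substitution and verify it took effect.
# Assumes the target line is exactly: $CFG{configfile}="config.txt";
set -eu

# Rewrite the hardcoded config path in $1 to $2/nikto/config.
# Returns non-zero if the rewritten line is absent afterwards, so a
# spec file calling this in %prep fails the build instead of shipping
# a nikto.pl that still looks for ./config.txt.
relocate_config() {
    script="$1"
    sysconfdir="$2"
    # The $ signs are escaped so the shell does not expand "$CFG";
    # GNU sed treats a $ that is not at the end of the pattern literally.
    sed -i "s:\$CFG{configfile}=\"config.txt\":\$CFG{configfile}=\"$sysconfdir/nikto/config\":" "$script"
    # Fixed-string search (-F) for the line we expect to exist now.
    grep -qF "\$CFG{configfile}=\"$sysconfdir/nikto/config\";" "$script"
}

# Print the config path the script currently points at (for checking).
config_path_of() {
    sed -n 's/^\$CFG{configfile}="\(.*\)";$/\1/p' "$1"
}

# Constructed stand-in for nikto.pl: only the lines relevant here.
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
#!/usr/bin/perl
use strict;
my %CFG;
$CFG{configfile}="config.txt";
print "using $CFG{configfile}\n";
EOF
    relocate_config "$tmp" /etc
    config_path_of "$tmp"
    rm -f "$tmp"
}

demo
```

In a spec file the same idea is the sed line followed by `grep -q ... nikto.pl || exit 1` in %prep; rpmbuild runs %prep with `set -e`, so the failed grep aborts the build at the point where the upstream source changed.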