https://bugzilla.redhat.com/show_bug.cgi?id=1294568 --- Comment #3 from Antonio Trande <anto.trande@xxxxxxxxx> --- (In reply to Robert Scheck from comment #2) > (In reply to Antonio Trande from comment #1) > > > - COPYING is not tagged with %license > > > > You can use %license and %doc to package all documentation files > > instead to make $RPM_BUILD_ROOT%{_pkgdocdir}. > > As per http://fedoraproject.org/wiki/EPEL:Packaging#The_.25license_tag > %license is not supported on RHEL 5 and 6. I meant, why create a $RPM_BUILD_ROOT%{_pkgdocdir} when you can use a "bogus" %license and %doc. Of course, it's at your discretion. > > > - BuildRoot and cleaning commands are not required on EPEL6 and above. > > http://fedoraproject.org/wiki/EPEL:Packaging#BuildRoot_tag > > > > - %defattr present but not needed > > Yes, but both do not hurt. Given I am also thinking about RHEL 5, the > BuildRoot tag still seems good to me. Well, leaving a comment or a note do not hurt. ;) > > > - All examples binary files are not PIE, not full RELRO. > > libmtp.so.9.3.0 is not full RELRO. > > http://fedoraproject.org/wiki/Packaging:Guidelines#PIE > > https://fedoraproject.org/wiki/Changes/Harden_All_Packages > > The change you refer to is only mandatory for Fedora >= 22, while this is > EPEL. If you would build this package on Fedora >= 22, full RELRO should be > given (like for libmtp itself). I don't see a reason to enforce a Fedora- > only related guideline on EPEL 5 and 6. Here I do not totally agree, from http://fedoraproject.org/wiki/EPEL/GuidelinesAndPolicies: > The packages in EPEL follow the Fedora Packaging and Maintenance Guidelines > that includes, but is not limited to the packaging guidelines, the package > naming guidelines and the package review guidelines that are designed and > maintained by the FESCo and Packaging Committee. EPEL-specific exceptions are > documented here and in the EPEL:Packaging page. Full RELRO and PIE (http://fedoraproject.org/wiki/Packaging:Guidelines#PIE) issue are part of packaging guidelines, I don't understand why EPEL packagers should choice what they follow or not. Also, we are talking of security issues important for EPEL too, or not? -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list package-review@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/package-review