https://bugzilla.redhat.com/show_bug.cgi?id=1329668 --- Comment #1 from Irina Boverman <iboverma@xxxxxxxxxx> --- Rebased to 0.1.2. Added %check section and tests. SRPM URL: https://copr-be.cloud.fedoraproject.org/results/irina/nodejs-rhea/fedora-rawhide-x86_64/00183010-nodejs-rhea/ Output of rpmlint: $ rpmlint -i nodejs-rhea-0.1.2-1.fc25.noarch.rpm nodejs-rhea.noarch: E: devel-dependency nodejs-debug Your package has a dependency on a devel package but it's not a devel package itself. nodejs-rhea.noarch: W: only-non-binary-in-usr-lib There are only non binary files in /usr/lib so they should be in /usr/share. nodejs-rhea.noarch: W: pem-certificate /usr/share/doc/nodejs-rhea/examples/tls/ca-cert.pem Shipping a PEM certificate is likely wrong. If used for the default configuration, this is insecure ( since the certificate is public ). If this is used for validation, ie a CA certificate store, then this must be kept up to date due to CA compromise. The only valid reason is for testing purpose, so ignore this warning if this is the case. nodejs-rhea.noarch: W: pem-certificate /usr/share/doc/nodejs-rhea/examples/tls/server-cert.pem Shipping a PEM certificate is likely wrong. If used for the default configuration, this is insecure ( since the certificate is public ). If this is used for validation, ie a CA certificate store, then this must be kept up to date due to CA compromise. The only valid reason is for testing purpose, so ignore this warning if this is the case. nodejs-rhea.noarch: W: pem-certificate /usr/lib/node_modules/rhea/test/server-cert.pem Shipping a PEM certificate is likely wrong. If used for the default configuration, this is insecure ( since the certificate is public ). If this is used for validation, ie a CA certificate store, then this must be kept up to date due to CA compromise. The only valid reason is for testing purpose, so ignore this warning if this is the case. nodejs-rhea.noarch: W: pem-certificate /usr/share/doc/nodejs-rhea/examples/tls/client-cert.pem Shipping a PEM certificate is likely wrong. If used for the default configuration, this is insecure ( since the certificate is public ). If this is used for validation, ie a CA certificate store, then this must be kept up to date due to CA compromise. The only valid reason is for testing purpose, so ignore this warning if this is the case. nodejs-rhea.noarch: W: pem-certificate /usr/lib/node_modules/rhea/test/ca-cert.pem Shipping a PEM certificate is likely wrong. If used for the default configuration, this is insecure ( since the certificate is public ). If this is used for validation, ie a CA certificate store, then this must be kept up to date due to CA compromise. The only valid reason is for testing purpose, so ignore this warning if this is the case. nodejs-rhea.noarch: W: pem-certificate /usr/lib/node_modules/rhea/test/client-cert.pem Shipping a PEM certificate is likely wrong. If used for the default configuration, this is insecure ( since the certificate is public ). If this is used for validation, ie a CA certificate store, then this must be kept up to date due to CA compromise. The only valid reason is for testing purpose, so ignore this warning if this is the case. nodejs-rhea.noarch: W: dangling-symlink /usr/lib/node_modules/rhea/node_modules/debug /usr/lib/node_modules/debug The target of the symbolic link does not exist within this package or its file based dependencies. Verify spelling of the link target and that the target is included in a package in this package's dependency chain. 1 packages and 0 specfiles checked; 1 errors, 8 warnings. Not sure if I need to do anything about them... Alan, Gordon, what do you think? -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list package-review@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/package-review@xxxxxxxxxxxxxxxxxxxxxxx