https://bugzilla.redhat.com/show_bug.cgi?id=1329668

Alan Conway <aconway@xxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |aconway@xxxxxxxxxx

--- Comment #2 from Alan Conway <aconway@xxxxxxxxxx> ---
(In reply to Irina Boverman from comment #1)
> nodejs-rhea.noarch: E: devel-dependency nodejs-debug
> Your package has a dependency on a devel package but it's not a devel package
> itself.

Possibly we need a separate devel and runtime package. Examples, developer doc,
debugging tools and tests should not be part of a runtime package. However
nodejs conventions may override here - Gordon's call.

> nodejs-rhea.noarch: W: only-non-binary-in-usr-lib
> There are only non binary files in /usr/lib so they should be in /usr/share.
>
> nodejs-rhea.noarch: W: pem-certificate
> /usr/share/doc/nodejs-rhea/examples/tls/ca-cert.pem
> Shipping a PEM certificate is likely wrong. If used for the default
> configuration, this is insecure ( since the certificate is public ). If this
> is used for validation, ie a CA certificate store, then this must be kept up
> to date due to CA compromise. The only valid reason is for testing purpose,
> so ignore this warning if this is the case.

example/doc/tests are not normally allowed in runtime packages, so again maybe
a separate -devel package?

> /usr/lib/node_modules/rhea/test/server-cert.pem
> Shipping a PEM certificate is likely wrong. If used for the default
> configuration, this is insecure ( since the certificate is public ). If this
> is used for validation, ie a CA certificate store, then this must be kept up
> to date due to CA compromise. The only valid reason is for testing purpose,
> so ignore this warning if this is the case.

Again tests in a runtime package is very strange, but maybe normal in the
nodejs world. Suggest digging around a few popular nodejs RPMs to see what is
normal.

> nodejs-rhea.noarch: W: dangling-symlink
> /usr/lib/node_modules/rhea/node_modules/debug /usr/lib/node_modules/debug

Delete the symlink, that is just an error.

> Alan, Gordon, what do you think?