https://bugzilla.redhat.com/show_bug.cgi?id=1362265 --- Comment #12 from Michal Ambroz <rebus@xxxxxxxxx> --- Thank you Antonio. Updated package: SPEC URL: https://rebus.fedorapeople.org/SPECS/yara.spec SRPM URL: https://rebus.fedorapeople.org/SRPMS/yara-3.5.0-3.fc23.src.rpm Build: https://copr.fedorainfracloud.org/coprs/rebus/infosec-rebus/build/438534/ >why do you want to have this? you're not building this package for EL5. OK, it doesn't build with 5 right now, you are right >> Source0: https://github.com/%{gituser}/%{gitname}/archive/%{commit}/%{name}-%{version}-%{shortcommit}.tar.gz >if you build from commit then you should specify it in Release tag, >otherwise you should build from tag. Referring "Source" to tag-based tarball instead of commit-based tarball is "should" and not "must". Commit 74734418a256c5304ccaf1d322c57e305ff75362 is the one used for the v3.5.0 tag release - see https://github.com/VirusTotal/yara/releases So I believe marking the package as the normal release (and not the git snapshot release tag) is OK. I prefer to refer to the commit based tarbal, as it gives me easy access to any pinpoint in the github without switching the spec there and back when testing new versions or pre-releases. > #bison grammar parsers in libyara/* are licensed under ASL 2.0 and GPLv2+ license. > License: ASL 2.0 and GPLv2 > you say that it's GPLv2+, but write GPLv2 Well ... actually in the yara release 3.5.0. it is GPLv3+ for the grammar files I believe that the license of the binary package is ASL 2.0 only - so I returned it back to this value and kept the explanation in comments. As GPLv3 is incompatible to be included in ASL, but those bison-generated grammar files are also dual licensed with the original ASL license of the project by exception, so the result is ASL only. >> Requires: pkgconfig >drop this from -devel subpkg as it doesn't really need it dropped >> Requires: zlib-devel >should have %{?_isa} in the end dropped, I believe this should come from dependencies automatically >> %defattr(-,root,root,-) >drop it dropped >> Group: Development/Libraries >consider removing Group tags from all packages. Unfortunately without this build fails for RHEL6 because of that. As it is not prohibited I preffer to keep it for all packages in unconditional form due to readability. >* Missing BuildRequires: gcc added. duh ... I have to change probably all my packages I also added some more recommended by auto-buildrequire -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list package-review@xxxxxxxxxxxxxxxxxxxxxxx https://lists.fedoraproject.org/admin/lists/package-review@xxxxxxxxxxxxxxxxxxxxxxx