[Bug 1468768] Review Request: domoticz - Open source Home Automation System

https://bugzilla.redhat.com/show_bug.cgi?id=1468768



--- Comment #2 from Ben Rosser <rosser.bjr@xxxxxxxxx> ---
Apologies for not getting to this sooner.

* rpmlint complains that you are shipping a PEM certificate. However, looking at
the domoticz documentation, it explicitly references that domoticz will use
this cert if a separate one is not provided, so this is probably fine.

> domoticz.x86_64: W: pem-certificate /usr/share/domoticz/server_cert.pem
> Shipping a PEM certificate is likely wrong. If used for the default
> configuration, this is insecure ( since the certificate is public ). If this
> is used for validation, ie a CA certificate store, then this must be kept up
> to date due to CA compromise. The only valid reason is for testing purpose, so
> ignore this warning if this is the case.

* As per
https://fedoraproject.org/wiki/Packaging:UsersAndGroups?rd=Packaging/UsersAndGroups#Dynamic_allocation,
please add "Requires(pre): shadow-utils" since this package creates a user and
a group.

> False positive. The python scripts shipped are not compiled or used and are for extra functionality not supported in the app and I include them if any advanced users wish to use them.

$ ls rpms-unpacked/domoticz-3.5877-1.fc27.x86_64.rpm/usr/share/domoticz/scripts/python/ -l
total 56
-rw-r--r-- 1 bjr bjr 3887 Nov 10  2016 domoticz.py
-rw-r--r-- 2 bjr bjr 5350 Jul 16 19:57 domoticz.pyc
-rw-r--r-- 2 bjr bjr 5350 Jul 16 19:57 domoticz.pyo
-rw-r--r-- 1 bjr bjr 1993 Nov 10  2016 googlepubsub.py
-rw-r--r-- 2 bjr bjr 1792 Jul 16 19:57 googlepubsub.pyc
-rw-r--r-- 2 bjr bjr 1792 Jul 16 19:57 googlepubsub.pyo
-rw-r--r-- 1 bjr bjr 1116 Nov 10  2016 reloader.py
-rw-r--r-- 2 bjr bjr 1458 Jul 16 19:57 reloader.pyc
-rw-r--r-- 2 bjr bjr 1458 Jul 16 19:57 reloader.pyo
-rw-r--r-- 1 bjr bjr 1206 Nov 10  2016 script_device_PIRsmarter.py
-rw-r--r-- 2 bjr bjr  850 Jul 16 19:57 script_device_PIRsmarter.pyc
-rw-r--r-- 2 bjr bjr  850 Jul 16 19:57 script_device_PIRsmarter.pyo

They look compiled to me. :) I would include the BRs just to be safe.

* fedora-review also complains about the perl scripts, but I think this one is
safe to ignore, assuming the Perl scripts are also not used for anything.

     Note: Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`";
     echo $version)) missing?"

* I'm dubious about the licensing being okay-- there are a lot of different
licenses listed in the full licensecheck output [1]. Are you sure that, for
example, the Boost-licensed files (marked by fedora-review as "BSL") in the
"webserver" directory aren't being compiled? If they are, the license must be
annotated accordingly.

To be explicit about this, I would recommend removing the bits that are bundled
in %prep and cross-checking with the licensecheck output.

Further complicating things, there is a large amount of content in
/usr/share/domoticz/www, including a number of gzip-compressed JS libraries in
/usr/share/domoticz/www/js, and a variety of fonts scattered throughout the
directory as well. Please:

- Investigate unbundling the fonts. Hopefully this is possible, but if not
please confirm that the fonts are appropriately licensed via "ttname" as per
the fonts policy [2].

- Go through the bundled JS libs, identify their licenses, add bundled
provides, and amend the License: tag of the package accordingly. (I would bet
most are MIT licensed). Having had to do this myself before, I know it's mostly
frustrating busywork; I'm sorry to have to ask for it, but the guidelines are
clear. :(

Otherwise the package looks fine-- I'll be happy to approve it after you run
through the licensing.

[1] https://paste.fedoraproject.org/paste/0ooMd0mofqGpnxIoTSTx3g

[2]
https://fedoraproject.org/wiki/Packaging:FontsPolicy#Licensing_Information_in_Metadata

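Added example, not part of the original review comment or of the domoticz package: one way to triage the rpmlint pem-certificate warning quoted above is to check whether any PEM file in an unpacked package tree carries private-key material rather than only a certificate. The tree layout, file names and PEM bodies below are constructed placeholders.

```python
import os
import re
import tempfile

# Matches the opening line of any PEM block and captures its label.
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)

def pem_labels(path):
    """Return the list of PEM block labels found in one file."""
    with open(path, "r", errors="replace") as fh:
        return PEM_BEGIN.findall(fh.read())

def audit_tree(root):
    """Map each PEM-bearing file under root (relative path) to a finding."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            labels = pem_labels(path)
            if not labels:
                continue
            rel = os.path.relpath(path, root)
            # Covers PRIVATE KEY, RSA/EC/ENCRYPTED/OPENSSH PRIVATE KEY.
            if any(label.endswith("PRIVATE KEY") for label in labels):
                findings[rel] = "private-key"
            elif "CERTIFICATE" in labels:
                findings[rel] = "certificate-only"
            else:
                findings[rel] = "other-pem"
    return findings

def build_sample_tree():
    """Constructed sample tree: placeholder bodies, not real key material."""
    root = tempfile.mkdtemp(prefix="rpm-unpacked-")
    share = os.path.join(root, "usr", "share", "example")
    os.makedirs(share)
    cert = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
    key = "-----BEGIN PRIVATE KEY-----\nBBBB\n-----END PRIVATE KEY-----\n"
    with open(os.path.join(share, "default_server.pem"), "w") as fh:
        fh.write(cert + key)   # cert and key bundled in one file
    with open(os.path.join(share, "ca_bundle.pem"), "w") as fh:
        fh.write(cert)         # certificate only
    with open(os.path.join(share, "readme.txt"), "w") as fh:
        fh.write("no PEM here\n")
    return root

if __name__ == "__main__":
    for rel, kind in sorted(audit_tree(build_sample_tree()).items()):
        print(f"{kind:17} {rel}")
```

A "private-key" finding means every installation of the package shares the same key, which is the insecure default-configuration case the rpmlint text describes; "certificate-only" points at the trust-store case, where the concern is keeping the file up to date.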



