https://bugzilla.redhat.com/show_bug.cgi?id=1713767 --- Comment #14 from Björn Persson <bjorn@xxxxxxxxxxxxxxxxxxxx> --- Some things I've found so far: · Please remove the condition around Source1 and Source2. Those files will be left out of the source package if verify_tarball_signature is turned off, and then that source package can't be rebuilt with verification enabled. I can't see that it will hurt to have the files present even if verification is disabled. · Would it be possible to provide a URL to the keyring? Use HTTPS if at all possible. Then anyone can verify that the keyring in the package is the same as upstream. (The build would of course still use the keyring in the Git repository.) · lib/nbd-protocol.h has a BSD license, so I think the license tag for the library becomes "LGPLv2+ and BSD". · The license tag of libnbd-devel should include the license of the examples. At the moment I'm not sure what to call that license. · There's an outdated FSF address in python/run-python-tests.in and python/t/*. Since you're the upstream author if I understand correctly, I think you should correct the address. The FSF seem to use a URL instead of a postal address nowadays. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx