https://bugzilla.redhat.com/show_bug.cgi?id=2184883 Fabio Valentini <decathorpe@xxxxxxxxx> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |decathorpe@xxxxxxxxx Status|NEW |ASSIGNED Assignee|nobody@xxxxxxxxxxxxxxxxx |decathorpe@xxxxxxxxx Flags| |fedora-review? --- Comment #5 from Fabio Valentini <decathorpe@xxxxxxxxx> --- There are some immediate problems I see: 1. The package seems to bundle code from the native-tls crate without documenting why or declaring its license correctly. The crate metadata says `license = "ISC"` but the crate clearly bundles code that is licensed MIT, so that should probably be `license = "ISC AND MIT"`. You might want to ask the upstream project why they're bundling part of the native-tls crate instead of depending on it directly, and notify them that the license in their crate's metadata is incomplete and / or wrong. 2. You should not point Source or Patch URLs at temporary GitHub projects. In fact, you don't need to provide a URL for patches at all (unless they are 1:1 backports of upstream commits, for example). rust2rpm also automates part of this process, you might want to use "rust2rpm -p" instead of manually creating the patch and adding it. (It's also missing an explanatory comment what the patch does, something like "relax serde dev-dependency that is too strict".) 3. Some subpackages that are built from this package are not installable in Fedora: Problem 1: conflicting requests - nothing provides (crate(openssl/vendored) >= 0.10.29 with crate(openssl/vendored) < 0.11.0~) needed by rust-minreq+https-bundled-devel-2.7.0-1.fc39.noarch Problem 2: conflicting requests - nothing provides (crate(punycode/default) >= 0.4.1 with crate(punycode/default) < 0.5.0~) needed by rust-minreq+punycode-devel-2.7.0-1.fc39.noarch Problem 3: package rust-minreq+https-bundled-probe-devel-2.7.0-1.fc39.noarch requires crate(minreq/https-bundled) = 2.7.0, but none of the providers can be installed - conflicting requests - nothing provides (crate(openssl/vendored) >= 0.10.29 with crate(openssl/vendored) < 0.11.0~) needed by rust-minreq+https-bundled-devel-2.7.0-1.fc39.noarch The "vendored" feature of the "openssl" crate is not available in Fedora, since we cannot ship a vendored copy of OpenSSL sources and must link to system OpenSSL instead. You will need to patch out the "https-bundled" feature from this crate. The other problem points to a missing dependency (punycode), which is not packaged for Fedora yet. 4. Tests are disabled without giving a reason for it. Since all dev-dependencies are available in Fedora, I assume you disabled running tests because they fail? Please add an explanation for why that is the case, or - if possible - instead, enable tests, but skip those that fail for expected reasons (for example, because they need internet access, or because they require test files that are not included with published crate tarballs). 5. This crate depends on a lot of rustls projects for optional features. These crates are only available on limited architectures (due to limited cross-platform functionality of the underlying "ring" crate). You will need to take this into account in some way or another (possibly by only building this crate on x86_64, aarch64, and i686, or removing the features that depend on rustls - unless you are packaging something that uses the rustls features, of course). === Upon further inspection, it looks like you're packaging this crate in order to update the encode_unicode crate. You might want to just remove the "minreq" dependency there, instead: It appears to only be used in benchmark code (which we neither build nor run during RPM builds), and which would also need internet access to work: https://github.com/tormol/encode_unicode/blob/master/benches/length.rs === Side note: Are you trying to update the prettytable-rs crate? You might need to coordinate this with rpick package / upstream, which currently depends on an old version. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component https://bugzilla.redhat.com/show_bug.cgi?id=2184883 _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue