https://bugzilla.redhat.com/show_bug.cgi?id=2196274 Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED CC| |zbyszek@xxxxxxxxx Assignee|nobody@xxxxxxxxxxxxxxxxx |zbyszek@xxxxxxxxx Flags| |fedora-review? --- Comment #5 from Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> --- This isn't really relevant for the review, but a hint to save work: > # https://github.com/actor-framework/actor-framework/commit/db5fd0b2f56e4df14fe9a407f0461d1c34c42fbd > Patch0: actor-framework-fix-tools.patch I'd write this as Patch: https://github.com/actor-framework/actor-framework/commit/db5fd0b2f56e4df14fe9a407f0461d1c34c42fbd.patch This has the advantage that 'spectool -g *.spec' will just download the file without further ado. > License: BSD-3-Clause OR BSL-1.0 I think this needs to be "AND" instead. The sources are under the first license, but they are also combined with some other (header) files to form the compiled product. The result must then satisfy both licenses, i.e. is under the first and the second license. > actor-framework-tools.x86_64: W: no-manual-page-for-binary caf-run > actor-framework-tools.x86_64: W: no-manual-page-for-binary caf-vec > actor-framework-devel.x86_64: W: no-documentation > actor-framework-tools.x86_64: W: no-documentation Meh. > actor-framework.x86_64: W: crypto-policy-non-compliance-openssl /usr/lib64/libcaf_openssl.so.0.19.1 SSL_CTX_set_cipher_list This one is fairly problematic. The code does: SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL:!MD5") https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies/#_cc_applications says: > check the source code for SSL_CTX_set_cipher_list(). If it is not present then nothing needs to be done (the default is used). Otherwise, if that call is present and provided a fixed string which does not contain PSK or SRP, replace the string with "PROFILE=SYSTEM", or remove the call. > 6 packages and 0 specfiles checked; 0 errors, 5 warnings, 0 badness; has taken 1.3 s Quoting Frostyx's review service: Requires (with glibc and linker stuff removed) -------- actor-framework (rpmlib, GLIBC filtered): libcaf_core.so.0.19.1()(64bit) libcaf_io.so.0.19.1()(64bit) libcrypto.so.3()(64bit) libcrypto.so.3(OPENSSL_3.0.0)(64bit) libssl.so.3()(64bit) libssl.so.3(OPENSSL_3.0.0)(64bit) actor-framework-devel (rpmlib, GLIBC filtered): actor-framework(x86-64) cmake-filesystem(x86-64) libcaf_core.so.0.19.1()(64bit) libcaf_io.so.0.19.1()(64bit) libcaf_net.so.0.19.1()(64bit) libcaf_openssl.so.0.19.1()(64bit) actor-framework-tools (rpmlib, GLIBC filtered): actor-framework(x86-64) libcaf_core.so.0.19.1()(64bit) libcaf_io.so.0.19.1()(64bit) actor-framework-debuginfo (rpmlib, GLIBC filtered): actor-framework-debugsource (rpmlib, GLIBC filtered): Provides -------- actor-framework: actor-framework actor-framework(x86-64) libcaf_core.so.0.19.1()(64bit) libcaf_io.so.0.19.1()(64bit) libcaf_net.so.0.19.1()(64bit) libcaf_openssl.so.0.19.1()(64bit) actor-framework-devel: actor-framework-devel actor-framework-devel(x86-64) cmake(CAF) cmake(caf) actor-framework-tools: actor-framework-tools actor-framework-tools(x86-64) Looks all good. (Or even better than "good". The spec file is very clean.) + package name is OK + license is acceptable for Fedora (BSD-3-Clause) - license is specified correctly (see above) + builds and installs OK + BR/P/R look correct + no scriptlets needed or present - rpmlint finds one issue (see above) -- You are receiving this mail because: You are always notified about changes to this product and component You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2196274 _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
