Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Merge Review: pam https://bugzilla.redhat.com/show_bug.cgi?id=226228 kevin@xxxxxxxxx changed: What |Removed |Added ---------------------------------------------------------------------------- Flag|fedora-review? |fedora-review+ ------- Additional Comments From kevin@xxxxxxxxx 2008-01-22 00:25 EST ------- >> 1. I see that upstream is named Linux-PAM. Perhaps consider re-naming it? >I don't think it's worth the hassle - on the administrative side and on the >users' confusion side as well. Yeah, likely so... just thought I would mention it. >> 2. Might add a comment about why this package needs it's own private copy >> of the db package. >OK, I've extended the comment on line 76. Great, thanks! >> 3. shouldn't the license of pam_tty_audit.c be GPLv2 per RedHat guidelines? >No, this module will be upstreamed in the next upstream release, so it should >keep the preferred upstream licence. ok. Fair enough. >> 4. Can some of the tests and such be moved from the install section to a %test >> section? >> like the dlopen tests and so forth. >What is the %test section good for? I cannot find any mention of %test anywhere. >I'd prefer to have these simple tests run as part of the build/install process, >they are pretty simple and fast. Sorry, my mistake there. I meant a %check section... http://www.rpm.org/max-rpm-snapshot/s1-rpm-inside-scripts.html#S3-RPM-INSIDE-CHECK-SCRIPT >> 5. Might ask upstream to include a copy of the GPL COPYING file too. >Will do. Thanks. >> 6. Why strip the binaries? >> # Forcibly strip binaries. >> strip $RPM_BUILD_ROOT%{_sbindir}/* ||: >> >> debuginfo should pull that out. >That is a workaround hack for an old problem with rpmbuild where it didn't strip >setuid binaries. Removed. Great, thanks. >> 7. Might note that we can depreciate the pre/post hacks for USEMD5 after a while. >They are not too useful anymore and even can break things. Removed. Great, thanks. >> 8. No need to require 'coreutils'. >Why not? I need 'install' in %post http://fedoraproject.org/wiki/Packaging/Guidelines#Exceptions coreutils is in the base build env. >> 9. 15 open bugs >> You might look at https://bugzilla.redhat.com/show_bug.cgi?id=218063 >WONTFIXed - current rpm shouldn't complain anymore >> and https://bugzilla.redhat.com/show_bug.cgi?id=428444 in particular. >NOTABUG - there is already BuildRequires: libtool ok. >> 10. rpmlint says: >> >> pam.src:212: E: use-of-RPM_SOURCE_DIR >> >> You should be able to remove the following lines from prep: >> cp %{SOURCE5} . >> cp %{SOURCE6} . >> cp %{SOURCE7} . >> >> Just refer to the sources directly when installing. >Both changes done. Great, thanks. >> Ignore: >> >> pam.src:246: E: hardcoded-library-path in $RPM_BUILD_ROOT/lib/security >> pam.src:327: E: hardcoded-library-path in /lib/security >> pam.src: W: strange-permission dlopen.sh 0755 >> pam.x86_64: E: setuid-binary /sbin/pam_timestamp_check root 04755 >> pam.x86_64: E: non-standard-executable-perm /sbin/pam_timestamp_check 04755 >> pam.x86_64: E: executable-marked-as-config-file /etc/security/namespace.init >> pam.x86_64: E: non-readable /sbin/unix_update 0700 >> pam.x86_64: E: non-standard-executable-perm /sbin/unix_update 0700 >> pam.x86_64: E: setuid-binary /sbin/unix_chkpwd root 04755 >> pam.x86_64: E: non-standard-executable-perm /sbin/unix_chkpwd 04755 >> pam.x86_64: E: non-readable /etc/security/opasswd 0600 >> pam.x86_64: W: log-files-without-logrotate /var/log/faillog >> pam.x86_64: W: conffile-without-noreplace-flag /etc/security/console.perms >> pam.x86_64: W: conffile-without-noreplace-flag >> /etc/security/console.perms.d/50-default.perms >> pam.x86_64: W: dangerous-command-in-%post rm >> pam.x86_64: E: zero-length /etc/security/opasswd >> >> Fix if you like: >> >> pam.src: W: mixed-use-of-spaces-and-tabs (spaces: line 130, tab: line 137) >> >> 11. Might add a %{?_smp_mflags} to make? >Unfortunately pam doesn't build with it yet. I'll fix the Makefiles in future >and add this then. Great. You might add a comment to the spec when you get a chance mentioning this so it's not added in before it's ready upstream. > >Fixes are in pam-0.99.8.1-15.fc9. > Looks good. You might revisit items 4, 8 and 11, but none of them are blockers at all. I see no further issues, so this package is APPROVED. Feel free to close RAWHIDE when you have looked at 4, 8 and 11 again. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug, or are watching the QA contact. _______________________________________________ Fedora-package-review mailing list Fedora-package-review@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-package-review