[Bug 2315886] Review Request: valijson - Header-only JSON Schema validation library for C++11

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



https://bugzilla.redhat.com/show_bug.cgi?id=2315886



--- Comment #5 from Ben Beasley <code@xxxxxxxxxxxxxxxxxx> ---
(In reply to Sandro from comment #3)
> >   Then, to be strictly correct:
> > 
> >     # include/valijson/compat/optional.hpp is derived/forked from an unknown
> >     # release of the Boost.Optional library
> >     Provides:       bundled(boost)
> 
> This feels very strict seeing this is concerning a single header file. Is it
> even true? The package is not providing any binaries, nor libraries, etc.?
> I'd rather not add the Provides. I'd be happy to add a comment regarding
> that file, though.

I tend to be stricter than most on indicating bundling. When considering
whether
it’s worth considering forked or “inspired by” code as bundling, I tend to ask
myself, “If a serious bug were discovered in the original code, how likely is
it
that this code would also be affected?” But there is room for nuance and
subjective judgement here.

In general, a single copied header file can certainly constitute bundling.
I would tend not to consider it bundling if the header is mostly function
signatures, but Boost.Optional is a header-only (sub)library within boost.
The contents of this header file are nontrivial, and are compiled into
anything that uses the header-only library in a C++ standard mode earlier
than C++17. The only differences between this and including a massive
amalgamated single-file header-only library like nlohmann_json.hpp are
(1) scale, and (2) the degree of copying from the original implementation.

On second look, this second point – the degree of copying from the original
implementation – does appear persuasive in this case. The header comment says
“The idea and interface is based on Boost.Optional library,” and it seems
fair to say that it appears more “inspired by” than “copied from”
Boost.Optional. I think this is a good argument that it’s not necessary to
indicate bundling in this case.

In any case, it looks like you’ve accounted for the license in this file, which
is the really necessary part.

(In reply to Sandro from comment #4)
> Spec URL: https://gui1ty.fedorapeople.org/review/valijson.spec
> SRPM URL:
> https://gui1ty.fedorapeople.org/review/valijson-1.0.3-8.fc42.src.rpm
> 
> Changes have been implemented as per above comments. This release also
> "fixes" the tests. It turned out the release of the test suite was too far
> ahead of what upstream is using. I'm now using the exact same version as
> upstream.

Thanks! I’m glad you were able to figure out the issue with the tests.
I’ll revisit this review as soon as I have a little time.


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
https://bugzilla.redhat.com/show_bug.cgi?id=2315886

Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-spam&short_desc=Report%20of%20Bug%202315886%23c5

-- 
_______________________________________________
package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite Conditions]     [KDE Users]

  Powered by Linux