Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=459088 --- Comment #28 from Lev Shamardin <shamardin@xxxxxxxxx> 2008-11-11 08:54:30 EDT --- (In reply to comment #25) > Unless you provide the concrete case for this package I strongly > disagree (packaging guidelines say that the "compelling reason" > must be provided) > (If you still want I probably have to ask for FESCo: > https://fedoraproject.org/wiki/Packaging/Guidelines#Staticly_Linking_Executables > ) The link above prohibits static linking of executables, and I completely agree with this policy. But I don't understand how does this prohibit providing -static library packages without any statically linked executables. > > and for these cases having > > static libraries packaged saves you from rebuilding the required > > libraries yourself. > > This is exactly why we think we must _not_ provide static archives unless > avoided. > Using static archives will cause problem when some security > issues or so are found in protobuf and people forget that they are > using old static protobuf archive, for example. Are we supposed to fix all potential security issues in the universe? Potential security issues in fedora packages are effectively handled in this case with the policy of prohibiting static linking of *executables*, because in this case the number of statically linked packages in fedora is minimal. But if the local administrator decides to build something locally against a -static library, he surely has a Reason to do this, and he has to perform some additional non-standard steps to do this (install -static subpackage), and of course he understands the drawbacks. If I want to make a statically linked executable for my local system not providing a -static subpackage just adds some additional inconvenience for me, but will never stop from static linkage, because I will simply build the static library myself. To summarize, there are no statically linked *executables* in protobuf-* packages, so I think that the policy is fulfilled. > > > > !!For -vim subpackage > > > ! Neither of %_datadir/vim/vimfiles/{ftdetect,syntax} are owned > > > by any packages, however I will ask vim maintainer about this. > > > > > > > Any news on this item? > Oops, completely forgotton, I will surely ask later... > > > > ------------------------------------------------------ > > > Additional remark about python subpackage: > > > The -python subpackage should not depend on the base package or any other > > > packages because it is a pure python implementation. > > > ------------------------------------------------------ > > > - Well, for technical discussion, does this mean that there will > > > be no problem even if the installed version of protobuf and > > > protobuf-python differ? (if you don't write Requires this > > > can happen). > > > This discussion can be applied for -java subpackage. > > > > From my point of view, the only possible problem is that someone can > > finish using newer protobuf-compiler with older python/java > > bindings. Both java and python implementations are usable as a runtime > > without any C++ code, you only need corresponding version of > > protobuf-compiler for development. > > Then you should ensure that the trouble you mentioned here won't happen. > * One method is to make -compiler subpackage have: > ----------------------------------------------------- > Conflicts: %{name}-java < %{version} > Conflicts: %{name}-java > %{version} > ----------------------------------------------------- > or so. I've added Conflicts: %{name}-compiler > %{version} Conflicts: %{name}-compiler < %{version} to -java and -python subpackages. (In reply to comment #26) > Well, for -2: > > * License > - Well protobuf.pc.in is still under ASL 2.0 > You should ask the author to change the license > of this file I removed the license header from the file, leaving only Copyright notice, as the author suggested. > * BuildRequires > - This package won't build without > "BuildRequires: python-setuptools-devel" (note: here > I don't say about Requires). Fixed. However this is strange, since it did build successfully in mock on my Fedora 8 system. > > * Requires > - "Requires: %{name}-java-%{version}-%{release}" should be > "Requires: %{name}-java = %{version}-%{release}" Fixed. > > * rpmlint issue > ** non-standard-group > - Group "Development/Documentation" should simply be > "Documentation". Fixed. > > ** non-executable-script > ------------------------------------------------------------ > E: non-executable-script > /usr/lib/python2.5/site-packages/google/protobuf/descriptor_pb2.py 0644 > ------------------------------------------------------------ > - If this script are not meant to be executed by user directly, > then this script must not have shebang (anyway the shebang > #!/usr/bin/python2.4 is wrong because we use python 2.5) This was in the protoc-generated code. It should be properly fixed in the upstream code, I've submitted a bug report: http://code.google.com/p/protobuf/issues/detail?id=56 Meanwhile, I've modified the %build step to fix this. I've finally converted this package to use gtest library. Updated SPEC: http://shamardin.googlepages.com/protobuf.spec New SRPM: http://shamardin.googlepages.com/protobuf-2.0.2-3.fc8.src.rpm * Tue Nov 11 2008 Lev Shamardin <shamardin@xxxxxxxxx> - 2.0.2-3 - Added conflicts to java and python subpackages to prevent using with wrong compiler versions. - Fixed license. - Fixed BuildRequires for -python subpackage. - Fixed Requires and Group for -javadoc subpackage. - Fixed Requires for -devel subpackage. - Fixed issue with wrong shebang in descriptor_pb2.py. - Specify build options via --with/--without. - Use Fedora-packaged gtest library instead of a bundled one by default (optional). -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ Fedora-package-review mailing list Fedora-package-review@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-package-review