[Bug 571816] Review Request: clamav-unofficial-sigs - Scripts to download unofficial clamav signatures

bugzilla at redhat.com bugzilla at redhat.com
Thu Dec 23 18:29:25 UTC 2010



https://bugzilla.redhat.com/show_bug.cgi?id=571816

Jason Tibbitts <tibbs at math.uh.edu> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
         AssignedTo|nobody at fedoraproject.org    |tibbs at math.uh.edu
               Flag|                            |fedora-review?

--- Comment #6 from Jason Tibbitts <tibbs at math.uh.edu> 2010-12-23 13:29:23 EST ---
Sure, I can review it.

There's not really much to this package; it builds fine and rpmlint has only
the expected complaints about nonstandard uid and gids, as well as two
complaints about missing manpages.  There is actually a manpage, but for some
reason it has a different name than the actual executable.  Is there any
specific reason for that?  Seems to be something of a mistake by upstream.

I'm pretty sure I traced down the clamav dependencies properly to make sure
that the user will be present before this package is installed.  The clamav
package is so terrible, however, that I might have missed something.

I'm not entirely sure why the executables in /usr/bin need to be owned by the
clamupdate user.  Can you clarify?  The current situation leads to them being
writable by clamupdate, which I don't think is a particularly good idea.

The %post scriptlet is decidedly not sane.  Every time this package is updated,
a file which you've explicitly marked as %config(noreplace) will be modified if
it includes the string "45".  Why not use the existing random wait
functionality already in the software?

* source files match upstream.  sha256sum:
  7f8de46da43d8edd06ee1dcd1bc4563e61b23c9bbd368ccf0265576e46f4d90c
   clamav-unofficial-sigs-3.7.1.tar.gz
* package meets naming and versioning guidelines.
* specfile is properly named, is cleanly written and uses macros consistently.
* summary is OK.
* description is OK.
* dist tag is present.
* license field matches the actual license.
* license is open source-compatible.
* license text included in package.
* latest version is being packaged.
* BuildRequires are proper.
* package builds in mock (rawhide, x86_64).
* package installs properly.
* rpmlint has acceptable complaints.
* final provides and requires are sane:
   config(clamav-unofficial-sigs) = 3.7.1-1.fc15
   clamav-unofficial-sigs = 3.7.1-1.fc15
  =
   /bin/sh  
   bind-utils  
   clamav  
   config(clamav-unofficial-sigs) = 3.7.1-1.fc15
   curl  
   diffutils  
   gnupg  
   rsync  

* no bundled libraries.
* owns the directories it creates.
* doesn't own any directories it shouldn't.
* no duplicates in %files.
* file permissions are appropriate.
* no generically named files
X scriptlets are not sane.
* code, not content.
* documentation is small, so no -doc subpackage is necessary.
* %docs are not necessary for the proper functioning of the package.

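The ownership question raised in the comment above (executables in /usr/bin writable by the clamupdate user) can be checked against a built package before it is installed. This is an added example, not part of the original review or of the package: it reads rpm query-format output on stdin and reports regular files under bin directories that a non-root owner or group can rewrite. The sample listing and its file paths are constructed.

```shell
#!/bin/sh
# Input: one packaged file per line as "<perms> <user> <group> <path>", e.g. from
#   rpm -qp --qf '[%{FILEMODES:perms} %{FILEUSERNAME} %{FILEGROUPNAME} %{FILENAMES}\n]' pkg.rpm

audit_owner_writable() {
    awk '
    {
        perms = $1; user = $2; group = $3
        # A path may contain spaces: rebuild it from field 4 onward.
        path = $4; for (i = 5; i <= NF; i++) path = path " " $i
        if (path !~ /^\/(usr\/)?s?bin\//) next      # only bin and sbin directories
        if (substr(perms, 1, 1) != "-") next        # regular files only
        # Positions 3, 6 and 9 of the mode string are the owner/group/other write bits.
        if (user != "root" && substr(perms, 3, 1) == "w")
            print "owner-writable " user " " path
        else if (group != "root" && substr(perms, 6, 1) == "w")
            print "group-writable " group " " path
        else if (substr(perms, 9, 1) == "w")
            print "world-writable - " path
    }'
}

# Constructed sample listing; "clamupdate" is the account named in the review,
# the paths are placeholders and not the package's real file names.
sample_listing() {
    cat <<'EOF'
-rwxr-xr-x clamupdate clamupdate /usr/bin/example-update-script
-rwxr-xr-x root root /usr/bin/example-root-owned
-rw-r--r-- root root /etc/example.conf
-rwxrwxr-x root clamupdate /usr/sbin/example-group-writable
drwxr-xr-x clamupdate clamupdate /var/lib/example
EOF
}

sample_listing | audit_owner_writable
```

Any line it prints names a program that the listed account can replace, so whoever later runs that program executes whatever the account wrote there.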