https://bugzilla.redhat.com/show_bug.cgi?id=1422555
Randy Barlow randy@electronsweatshop.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Flags| |needinfo?(giallu@gmail.com)
--- Comment #9 from Randy Barlow randy@electronsweatshop.com --- Excellent, that looks great. There is still one thing from my first review that hasn't been fixed and I also noticed one more thing upon looking more closely. These must both be fixed to be approved:
[!] Package contains no bundled libraries without FPC exception.
The package contains a subset of glibc in its gnu_regex folder. According to the packaging guidelines[0], you'll need to do a few things by my interpretation:
* Try to get the package to work with Fedora's glibc. * If the above is not possible for some reason, you must: - Put Provides: bundled(glibc) = 2.10.1 into your spec file. - Publicly contact upstream to request that they provide a way to use system glibc. - Document the public outreach in your spec file.
[!]: Development files must be in a -devel package
This is the one I mentioned upon my first review. You need to add an arduino-ctags-devel package that has all the .h files, and installs them into %{_includedir}/arduino-ctags/. However, you should not include the glibc headers from the gnu_regex folder.
You don't have to fix this in order to pass review, but I also recommend it:
[!]: Patches link to upstream bugs/comments/lists or are otherwise justified.
I recommend adding comments over your Patch0 and Patch1 lines that give a brief description of the patch, especially the CVE patch. It's a little surprising that the 5.8-11 release from November would not have a CVE from 2014 fixed.
[0] https://fedoraproject.org/wiki/Packaging:Guidelines#Bundling_and_Duplication...