review-o-matic : Fedora package review helper

[Toshio Kuratomi]

Orcan Ogetbil wrote:
> What is the status of this project? Did anyone started out writing some code? I want to contribute to this. Is there a webpage?
> 
> My opinion on this idea is, we should first write a script that displays 3 different kind of outputs:
> 
> 1- Pure automatic checks: sha1sums, %files etc. -> Display results

I agree with the three broad categories that you have but please
remember that sha1sums are only a semi-automatic check.  sha1sums of the
included tarball can be run against the source URLs listed in the spec
file but those Source URLs must be checked by a human.  A computer will
gloss over::
  Source0: http://crackz.com/foo.tar.gz

but a human can check via google, mailing lists, and other distros to
see that the Source url is canonical.

> 2- Semi-automatic checks: For instance, the script will check for static libraries in the build. -> Display results (If there are static libraries then it will warn the reviewer so he can check for the necessity of them.)
> 3- Purely manual checks: Not everything in the guidelines is easy to implement. Hence after the script is done, it will tell the reviewer what else needs to be checked manually.
> 
> As time goes more features can be implemented and more items from 3 can be shifted into 1 or 2. We will need to build a powerful parser. I think some code can be borrowed from rpmlint.
> 

-Toshio

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20081101/2efad523/attachment.bin