[Bug 555655] Review Request: sslstrip - tool that provides a demonstration of HTTPS stripping attacks

bugzilla at redhat.com bugzilla at redhat.com
Tue Jul 20 14:45:54 UTC 2010



https://bugzilla.redhat.com/show_bug.cgi?id=555655

manuel wolfshant <wolfy at nobugconsulting.ro> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
          QAContact|extras-qa at fedoraproject.org |wolfy at nobugconsulting.ro
               Flag|                            |fedora-review?

--- Comment #1 from manuel wolfshant <wolfy at nobugconsulting.ro> 2010-07-20 10:45:50 EDT ---
Package Review
==============

Key:
 - = N/A
 x = Check
 ! = Problem
 ? = Not evaluated

=== REQUIRED ITEMS ===
 [x] Package is named according to the Package Naming Guidelines.
 [x] Spec file name must match the base package %{name}, in the format
%{name}.spec.
 [x] Package meets the Packaging Guidelines.
 [x] Package successfully compiles and builds into binary rpms on at least one
supported architecture.
     Tested on: EL6/x86_64
 [x] Rpmlint output:
source RPM:
sslstrip.src: W: summary-not-capitalized C tool that provides a demonstration
of HTTPS stripping attacks
=> cosmetic, please fix before importing the package in CVS

sslstrip.src: W: spelling-error %description -l en_US Marlinspike -> Marlin
spike, Marlin-spike, Marlinespike
sslstrip.src: W: spelling-error %description -l en_US favicon -> falcon,
faction, favorite
=> bogus

sslstrip.src: W: no-cleaning-of-buildroot %install
=> old rpmlint, new fedora rules

sslstrip.src:13: W: mixed-use-of-spaces-and-tabs (spaces: line 13, tab: line 2)
=> cosmetic, please fix before importing the package in CVS
1 packages and 0 specfiles checked; 0 errors, 5 warnings.

binary RPM:
sslstrip.noarch: W: summary-not-capitalized C tool that provides a
demonstration of HTTPS stripping attacks
=> will get fixed once the first warning above is fixed
sslstrip.noarch: W: spelling-error %description -l en_US Marlinspike -> Marlin
spike, Marlin-spike, Marlinespike
sslstrip.noarch: W: spelling-error %description -l en_US favicon -> falcon,
faction, favorite
=> bogus

1 packages and 0 specfiles checked; 0 errors, 3 warnings.

 [x] Package is not relocatable.
 [x] Package is licensed with an open-source compatible license and meets other
legal requirements as defined in the legal section of Packaging Guidelines.
 [x] License field in the package spec file matches the actual license.
     License type: GPLv3+
 [x] If (and only if) the source package includes the text of the license(s) in
its own file, then that file, containing the text of the license(s) for the
package is included in %doc.
 [x] Spec file is legible and written in American English.
 [x] Sources used to build the package match the upstream source, as provided
in the spec URL.
     SHA1SUM of source file: 7219328b4d43d96b7a0d629355fd818310d61c9b sslstrip-0.7.tar.gz
 [x] Package is not known to require ExcludeArch
 [!] All build dependencies are listed in BuildRequires, except for any that
are listed in the exceptions section of Packaging Guidelines.
=> python-devel is not needed. BR: python is enough
 [-] The spec file handles locales properly.
 [-] ldconfig called in %post and %postun if required.
 [x] Package must own all directories that it creates.
 [x] Package requires other packages for directories it uses.
 [x] Package does not contain duplicates in %files.
 [x] Permissions on files are set properly.
 [x] Package consistently uses macros.
 [x] Package contains code, or permissible content.
 [-] Large documentation files are in a -doc subpackage, if required.
 [x] Package uses nothing in %doc for runtime.
 [-] Header files in -devel subpackage, if present.
 [-] Static libraries in -devel subpackage, if present.
 [-] Package requires pkgconfig, if .pc files are present.
 [-] Development .so files in -devel subpackage, if present.
 [-] Fully versioned dependency in subpackages, if present.
 [x] Package does not contain any libtool archives (.la).
 [-] Package contains a properly installed %{name}.desktop file if it is a GUI
application.
 [x] Package does not own files or directories owned by other packages.
 [x] Final provides and requires are sane.

=== SUGGESTED ITEMS ===
 [x] Latest version is packaged.
 [x] Package does not include license text files separate from upstream.
 [-] Description and summary sections in the package spec file contain
translations for supported Non-English languages, if available.
 [x] Reviewer should test that the package builds in mock.
     Tested on: EL6
 [x] Package should compile and build into binary rpms on all supported
architectures.
     Tested on: EL6 (the package is noarch)
 [x] Package functions as described.
 [-] Scriptlets must be sane, if used.
 [-] The placement of pkgconfig(.pc) files is correct.
 [-] File based requires are sane.
 [x] %check is present and the test passes.

=== OPTIONAL ITEMS ===
 [x] Buildroot is correct
(%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n))
 [x] Package has a %clean section, which contains rm -rf $RPM_BUILD_ROOT.

=== Issues ===
1. BR python-devel is not needed, just python is enough
2. Some cosmetic fixes are needed in %Summary (s/tool/Tool) and the
BuildArch line (you've used tabs everywhere but before "noarch")
3. python-twisted-web is a runtime require, not BR
4. Docs are included twice:
/usr/share/doc/sslstrip-0.7
/usr/share/doc/sslstrip-0.7/COPYING
/usr/share/doc/sslstrip-0.7/README
/usr/share/sslstrip/COPYING
/usr/share/sslstrip/README

=== Notes ===
1. If you take care of .egg-info, the package builds just fine in EPEL-5 (see
http://koji.fedoraproject.org/koji/taskinfo?taskID=2330964).
2. Please inform the upstream author that version 0.7 of sslstrip prints a
wrong version at startup time:
   [root@wolfy ~]# sslstrip -l 1001
   /usr/lib64/python2.6/site-packages/twisted/internet/_sslverify.py:5: 
DeprecationWarning: the md5 module is deprecated; use hashlib instead
  import itertools, md5

   sslstrip 0.6 by Moxie Marlinspike running...
