[Bug 689056] Review Request: lmd - Linux Malware Detecter

bugzilla at redhat.com bugzilla at redhat.com
Sun Mar 20 22:36:08 UTC 2011 

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.


https://bugzilla.redhat.com/show_bug.cgi?id=689056

Sergio Belkin <sebelk at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
                 CC|                            |sebelk at gmail.com
         AssignedTo|nobody at fedoraproject.org    |sebelk at gmail.com
               Flag|                            |fedora-review?

--- Comment #1 from Sergio Belkin <sebelk at gmail.com> 2011-03-20 18:36:06 EDT ---
Hi Mark,

Here is the review (this is my first "official" review) so I am open to
comments from experienced packagers :)

1 Firstly, please add a line between each new entry of changelog, I mean:

* Fri Mar 18 2011 Mark McKinstry <mmckinst at nexcess.net> - 1.3.9-1
- whatever....

* Tue Nov 29 2010 Mark McKinstry <mmckinst at nexcess.net> - 1.3.7-1
- whatever...

2 - Why is included a tmp file in datadir...?

3 - What's wrong with md5sum? (See below) It's not a minor issue in a software
that pretends to detect malware!

Because of that, the package is NOT approved YET.

Notes: +:ok, =:needs attention, -:needs fixing

MUST Items:
[] MUST: rpmlint must be run on every package.

rpmlint -i -v
/var/lib/mock/fedora-rawhide-i386/root/builddir/build/RPMS/lmd-1.3.9-1.fc16.noarch.rpm
lmd.noarch: I: checking
lmd.noarch: W: spelling-error Summary(en_US) malware -> metalware, malarkey,
Mallarme
The value of this tag appears to be misspelled. Please double-check.

lmd.noarch: W: spelling-error %description -l en_US malware -> metalware,
malarkey, Mallarme
The value of this tag appears to be misspelled. Please double-check.

lmd.noarch: I: checking-url http://www.rfxn.com/projects/linux-malware-detect/
(timeout 10 seconds)
lmd.noarch: E: executable-marked-as-config-file /etc/cron.daily/maldetect
Executables must not be marked as config files because that may prevent
upgrades from working correctly. If you need to be able to customize an
executable, make it for example read a config file in /etc/sysconfig.

lmd.noarch: E: zero-length /usr/share/maldetect/ignore_sigs
lmd.noarch: W: no-manual-page-for-binary maldet
Each executable in standard binary directories should have a man page.

1 packages and 0 specfiles checked; 2 errors, 3 warnings.

rpmlint -i -v ../SRPMS/lmd-1.3.9-1.fc14.src.rpm 
lmd.src: I: checking
lmd.src: W: spelling-error Summary(en_US) malware -> metalware, malarkey,
Mallarme
The value of this tag appears to be misspelled. Please double-check.

lmd.src: W: spelling-error %description -l en_US malware -> metalware,
malarkey, Mallarme
The value of this tag appears to be misspelled. Please double-check.

lmd.src: I: checking-url http://www.rfxn.com/projects/linux-malware-detect/
(timeout 10 seconds)
lmd.src: I: checking-url http://www.rfxn.com/downloads/maldetect-current.tar.gz
(timeout 10 seconds)
1 packages and 0 specfiles checked; 0 errors, 2 warnings.



rpmlint -i -v lmd.spec
lmd.spec: I: checking-url
http://www.rfxn.com/downloads/maldetect-current.tar.gz (timeout 10 seconds)
0 packages and 1 specfiles checked; 0 errors, 0 warnings.

Warnings are harmless

<<output if not already posted>>
[:=] MUST: The package must be named according to the Package Naming
Guidelines.
[+] MUST: The spec file name must match the base package %{name}
[:=] MUST: The package must meet the Packaging Guidelines. [FIXME?: covers this
list and more]
[+] MUST: The package must be licensed with a Fedora approved license and meet
the Licensing Guidelines.
[-] MUST: The License field in the package spec file must match the actual
license.
File tlog is licensed under GPLv2+, so License must be: GPLv2 + GPLv2+

[+] MUST: If (and only if) the source package includes the text of the
license(s) in its own file, then that file, containing the text of the
license(s) for the package must be included in %doc.
[:=] MUST: The spec file must be written in American English.
[+] MUST: The spec file for the package MUST be legible.
[-] MUST: The sources used to build the package must match the upstream source,
as provided in the spec URL.
md5sum checksum tarball from SRPM:fdaf465ad43ffe90bb47adf6d2a39918
md5sum checksum upstream: e805672f97e990907fa910029b52a7dd

Ooops! What's wrong??

[+] MUST: The package must successfully compile and build into binary rpms on
at least one supported architecture.
[+] MUST: All build dependencies must be listed in BuildRequires



[] MUST: The spec file MUST handle locales properly. This is done by using the
%find_lang macro.
[+] MUST: A package must own all directories that it creates. If it does not
create a directory that it uses, then it should require a package which does
create that directory.
[+] MUST: A package must not contain any duplicate files in the %files listing.
[+] MUST: Permissions on files must be set properly. Executables should be set
with executable permissions, for example. Every %files section must include a
%defattr(...) line.
[+] MUST: Each package must consistently use macros, as described in the macros
section of Packaging Guidelines.
[+] MUST: The package must contain code, or permissible content. This is
described in detail in the code vs. content section of Packaging Guidelines.
[+] MUST: If a package includes something as %doc, it must not affect the
runtime of the application.
[+] MUST: Packages must not own files or directories already owned by other
packages.
[+] MUST: All filenames in rpm packages must be valid UTF-8.

SHOULD Items:
[:=] SHOULD: If the source package does not include license text(s) as a
separate file from upstream, the packager SHOULD query upstream to include it.
[+] SHOULD: The description and summary sections in the package spec file
should contain translations for supported Non-English languages, if available.
[+] SHOULD: The reviewer should test that the package builds in mock.
[:=] SHOULD: The reviewer should test that the package functions as described.
[+] SHOULD: Packages should try to preserve timestamps of original installed
files.
[:=] It has not a manpage for executable file, could it possible? contact to
the upstream if you can.

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the package-review mailing list