[Bug 691153] Review Request: pam_shield - pam module to block brute force attacks

Tue Mar 29 20:05:54 UTC 2011

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.

https://bugzilla.redhat.com/show_bug.cgi?id=691153

Jeffrey Ness <jeffrey.ness at rackspace.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jeffrey.ness at rackspace.com
         AssignedTo|nobody at fedoraproject.org    |jeffrey.ness at rackspace.com

--- Comment #3 from Jeffrey Ness <jeffrey.ness at rackspace.com> 2011-03-29 16:05:53 EDT ---
Hey Carl,

Everything looks good from here. As mentioned you may want to add trailing
slashes to your directories lines (this is purely preference, but allows you to
quickly notice its a directory and not a file).

Also the sed lines are justified over a patch due to flexibility and possible
future changes to the configuration.

------

PASSED MUST HAVE'S:

[ pass ] MUST rpmlint must be run on every package

[ pass ] MUST The package must be named according to the Package Naming 
         Guidelines

[ pass ] MUST The spec file name must match the base package %{name}

[ pass ] MUST The package must be licensed with a Fedora approved license
         and meet the Licensing Guidelines

[ pass ] MUST The License field in the package spec file must match the 
         actual license

[ pass ] MUST If (and only if) the source package includes the text of the 
         license(s) in its own file, then that file, containing the text of 
         the license(s) for the package must be included in %doc

[ pass ] MUST The spec file must be written in American English.

[ pass ] MUST The sources used to build the package must match the upstream 
         source, as provided in the spec URL. Reviewers should use md5sum for 
         this task. If no upstream URL can be specified for this package, 
         please see the Source URL Guidelines for how to deal with this.

[ pass ] MUST The package MUST successfully compile and build into binary 
         rpms on at least one primary architecture

[ pass ] MUST All build dependencies must be listed in BuildRequires, except 
         for any that are listed in the exceptions section of the Packaging 
         Guidelines ; inclusion of those as BuildRequires is optional. Apply 
         common sense.

[ pass ] MUST A package must own all directories that it creates. If it does 
         not create a directory that it uses, then it should require a package 
         which does create that directory.

[ pass ] MUST A package must not contain any duplicate files in the %files 
         listing.

[ pass ] MUST Permissions on files must be set properly. Executables should 
         be set with executable permissions, for example. Every %files section 
         must include a %defattr(...) line.

[ pass ] MUST Each package must have a %clean section, which contains rm -rf
         %{buildroot} (or $RPM_BUILD_ROOT).

[ pass ] MUST The package must contain code, or permissible content.

[ pass ] MUST Large documentation files must go in a -doc subpackage. (The 
         definition of large is left up to the packager's best judgement, but 
         is not restricted to size. Large can refer to either size or 
         quantity).

[ pass ] MUST If a package includes something as %doc, it must not affect the 
         runtime of the application. To summarize: If it is in %doc, the 
         program must run properly if it is not present.

[ pass ] MUST Packages must not own files or directories already owned by 
         other packages. The rule of thumb here is that the first package to 
         be installed should own the files or directories that other packages 
         may rely upon. This means, for example, that no package in Fedora 
         should ever share ownership with any of the files or directories 
         owned by the filesystem or man package. If you feel that you have a 
         good reason to own a file or directory that another package owns, 
         then please present that at package review time.

[ pass ] MUST At the beginning of %install, each package MUST run rm -rf
         %{buildroot} (or $RPM_BUILD_ROOT).

[ pass ] MUST All filenames in rpm packages must be valid UTF-8.

SKIPPED MUST HAVE's:

[ skip ]  MUST If the package does not successfully compile, build or work on 
         an architecture, then those architectures should be listed in the 
         spec in ExcludeArch. Each architecture listed in ExcludeArch MUST 
         have a bug filed in bugzilla, describing the reason that the package 
         does not compile/build/work on that architecture. The bug number MUST 
         be placed in a comment, next to the corresponding ExcludeArch line 

 http://fedoraproject.org/wiki/Packaging/Guidelines#Architecture_Build_Failures

[ skip ]  MUST The spec file MUST handle locales properly. This is done by 
         using the %find_lang macro. Using %{_datadir}/locale/* is strictly 
         forbidden 

 http://fedoraproject.org/wiki/Packaging/Guidelines#Handling_Locale_Files

[ skip ]  MUST Every binary RPM package (or subpackage) which stores shared 
         library files (not just symlinks) in any of the dynamic linker's 
         default paths, must call ldconfig in %post and %postun. 

 http://fedoraproject.org/wiki/Packaging/Guidelines#Shared_Libraries

[ skip ]  MUST If the package is designed to be relocatable, the packager must 
         state this fact in the request for review, along with the 
         rationalization for relocation of that specific package. Without 
         this, use of Prefix: /usr is considered a blocker. 

 http://fedoraproject.org/wiki/Packaging/Guidelines#RelocatablePackages

[ skip ]  MUST Header files must be in a -devel package. 

 http://fedoraproject.org/wiki/Packaging/Guidelines#DevelPackages

[ skip ]  MUST Static libraries must be in a -static package. 

 http://fedoraproject.org/wiki/Packaging/Guidelines#StaticLibraries

[ skip ]  MUST Packages containing pkgconfig(.pc) files must 'Requires: 
         pkgconfig' (for directory ownership and usability). 

 http://fedoraproject.org/wiki/Packaging/Guidelines#PkgconfigFiles

[ skip ]  MUST If a package contains library files with a suffix (e.g. 
         libfoo.so.1.1), then library files that end in .so (without suffix) 
         must go in a -devel package. 

 http://fedoraproject.org/wiki/Packaging/ReviewGuidelines#cite_ref-devel_18-1

[ skip ]  MUST In the vast majority of cases, devel packages must require the 
         base package using a fully versioned dependency: Requires: %{name} =
         %{version}-%{release} 

 http://fedoraproject.org/wiki/Packaging/Guidelines#RequiringBasePackage

[ skip ]  MUST Packages must NOT contain any .la libtool archives, these must 
         be removed in the spec if they are built. 

 http://fedoraproject.org/wiki/Packaging/Guidelines#StaticLibraries

[ skip ]  MUST Packages containing GUI applications must include a
         %{name}.desktop file, and that file must be properly installed with 
         desktop-file-install in the %install section. If you feel that your 
         packaged GUI application does not need a .desktop file, you must put 
         a comment in the spec file with your explanation. 

 http://fedoraproject.org/wiki/Packaging/Guidelines#desktop

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.