[Bug 787738] Review Request: wss4j - Apache WS-Security implementation

bugzilla at redhat.com bugzilla at redhat.com
Fri Feb 17 23:34:14 UTC 2012 

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.


https://bugzilla.redhat.com/show_bug.cgi?id=787738

Garrett Holmstrom <gholms at fedoraproject.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
                 CC|                            |gholms at fedoraproject.org
         AssignedTo|nobody at fedoraproject.org    |gholms at fedoraproject.org
               Flag|                            |fedora-review?

--- Comment #1 from Garrett Holmstrom <gholms at fedoraproject.org> 2012-02-17 18:34:13 EST ---
I presume you chose version 1.5 over 1.6 so you could patch out the opensaml
dependency.  Any idea how long 1.5 will have upstream support?

The spec file has only a few minor issues:
- ™ must not appear in package descriptions
- Patch entries in the spec file need descriptive comments
- The java dep must be versioned per the java guidelines
- You need to add post and postun deps on jpackage-utils per the java
guidelines

Just fix those and you should be good to go.  Note that you won't be able to
build for EPEL 5 with this spec file if that matters to you.  An exhaustive
review follows.

Mandatory review guidelines:
ok - rpmlint output (none)
ok - Package meets naming guidelines
ok - Spec file name matches base package name
ok - License is acceptable (ASL 2.0)
ok - License field in spec is correct
ok - License files included in package %docs or not included in upstream source
ok - License files installed when any subpackage combination is installed
ok - Spec written in American English
ok - Spec is legible
ok - Sources match upstream unless altered to fix permissibility issues
     Upstream MD5:  7f0029d960a140b5054a3c339259daac  wss4j-src-1.5.12.zip
     Your MD5:      7f0029d960a140b5054a3c339259daac  wss4j-src-1.5.12.zip
ok - Build succeeds on at least one supported platform
-- - Build succeeds on all supported platforms or has ExcludeArch + bugs filed
ok - BuildRequires correct
-- - Package handles locales with %find_lang
-- - %post, %postun call ldconfig if package contains shared .so files
ok - No bundled system libs
-- - Relocatability is justified
ok - Package owns all directories it creates
ok - Package requires other packages for directories it uses but does not own
ok - No duplicate files in %files unless necessary for license files
ok - File permissions are sane
-- - Each %files section contains %defattr on EL4
ok - Consistent use of macros
ok - Sources contain only permissible code or content
-- - Large documentation files go in -doc package
ok - Missing %doc files do not affect runtime
-- - Headers go in -devel package
-- - Static libs go in -static package
-- - Unversioned .so files go in -devel package
-- - Devel packages require base with fully-versioned dependency
ok - Package contains no .la files
-- - GUI app uses desktop-file-install/desktop-file-validate for .desktop files
-- - Package's files and directories don't conflict with others' or justified
ok - File names are valid UTF-8

Optional review guidelines:
-- - Query upstream about including license files
no - Translations of description, Summary
ok - Builds in mock
ok - Builds on all supported platforms
-- - Scriptlets are sane
-- - Non-devel subpackage Requires are sane
-- - .pc files go in -devel unless main package is a development tool
ok - No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin
-- - Man pages included for all executables
-- - Package with test-suite executes it in %check section

Packaging guidelines:
ok - Has dist tag
ok - Useful without external bits
ok - Package obeys FHS, except libexecdir, /usr/target, /run
ok - No files in /bin, /sbin, /lib* on >= F17
-- - Programs launched before FS mounting use /run instead of /var/run
-- - Binaries in /bin, /sbin do not depend on files in /usr on < F17
ok - Changelog in prescribed format
ok - Spec file lacks Packager, Vendor, PreReq tags
-- - Correct BuildRoot tag on < F10/EL6
     Builds will not work on EPEL 5.
-- - Correct %clean section on < F13/EL6
     Builds will not work on EPEL 5.
NO - Requires correct, justified where necessary
     Java guideline violation; see below
NO - Summary, description do not use trademarks incorrectly
     Remove ™ from the package description.
ok - All relevant documentation is packaged, tagged appropriately
ok - Documentation files do not have executable permissions
-- - %build honors applicable compiler flags or justifies otherwise
-- - Package with .pc files Requires pkgconfig on < EL6
-- - Useful -debuginfo package or disabled and justified
ok - No static executables
ok - Rpath absent or only used for internal libs
-- - Config files marked with %config
-- - %config files marked noreplace or justified
ok - No %config files under /usr
-- - Systemd units/init scripts are sane
-- - Spec uses macros instead of hard-coded directory names where appropriate
ok - Spec uses macros for executables only when configurability is needed
-- - %makeinstall used only when ``make install DESTDIR=...'' doesn't work
-- - Macros in Summary, %description expandable at SRPM build time
-- - Spec uses %{SOURCE#} instead of $RPM_SOURCE_DIR or %{sourcedir}
-- - %global instead of %define where appropriate
-- - Package containing translations BuildRequires gettext
ok - File timestamps preserved by file ops
-- - Parallel make
ok - Spec does not use Requires(pre,post) notation
-- - User, group creation handled correctly (See Packaging:UsersAndGroups)
-- - Web app files go in /usr/share/%{name}, not /var/www
-- - Conflicts are justified
ok - No external kernel modules
ok - No files in /srv, /opt, /usr/local
ok - One project per package
NO - Patches link to upstream bugs/comments/lists or are otherwise justified
     Please add patch descriptions to the spec file.
-- - Packages needing dirs in /var/run or /var/lock use tmpfiles.d on >= F15
-- - Renamed packages migrate from old packages correctly
-- - Programs that support IPv4 and IPv6 without functionality loss enable both

Java guidelines:
ok - Javadocs go in javadoc subpackage
ok - Prefer split JARs over monolithic
ok - JAR file names correct
ok - JAR files go in %{_javadir} or %{_javadir}-$version
-- - Multiple JAR files go in a %{name} subdirectory
ok - Javadocs go in unversioned %{_javadocdir}/%{name}
ok - javadoc subpackage is noarch on > EL5
ok - BuildRequires java-devel, jpackage-utils
NO - Requires java >= $version, jpackage-utils
     The Java guidelines require a versioned dependency on java.
NO - Dependencies on java/java-devel >= 1.6.0 add epoch 1
     Should be fixed with the above
NO - Package requiring maven Requires jpackage-utils for post and postun
ok - Package requiring maven contains correct maven-specific code in spec
-- - Wrapper script in %{_bindir}
-- - GCJ AOT bits follow GCJ guidelines
ok - No devel package
ok - pom.xml files, if any, installed with %add_maven_depmap
-- - JNI shared objects, JARs that require them go in %{_libdir}/%{name}
-- - Calls to System.loadLibrary replaced w/ System.load w/ full .so path
ok - Bundled JAR files not included or used for build
ok - No Javadoc %post/%ghost
ok - No class-path elements in JAR manifests

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the package-review mailing list