Orcan Ogetbil wrote:
What is the status of this project? Did anyone started out writing
some code? I want to contribute to this. Is there a webpage?
My opinion on this idea is, we should first write a script that displays 3 different kind
of outputs:
1- Pure automatic checks: sha1sums, %files etc. -> Display results
I agree with the three broad categories that you have but please
remember that sha1sums are only a semi-automatic check. sha1sums of the
included tarball can be run against the source URLs listed in the spec
file but those Source URLs must be checked by a human. A computer will
gloss over::
Source0:
http://crackz.com/foo.tar.gz
but a human can check via google, mailing lists, and other distros to
see that the Source url is canonical.
2- Semi-automatic checks: For instance, the script will check for
static libraries in the build. -> Display results (If there are static libraries then
it will warn the reviewer so he can check for the necessity of them.)
3- Purely manual checks: Not everything in the guidelines is easy to implement. Hence
after the script is done, it will tell the reviewer what else needs to be checked
manually.
As time goes more features can be implemented and more items from 3 can be shifted into 1
or 2. We will need to build a powerful parser. I think some code can be borrowed from
rpmlint.
-Toshio