8:35 a.m.
Hi,
I'm trying to complete an unofficial review
(https://bugzilla.redhat.com/show_bug.cgi?id=1401450) to check my
review skills :-), and I have some problems filling some MUST items
which fedora-review leaves blanks.
The items are:
1) Sources contain only permissible code or content: this is very hard
to check if source code is big enough; I'm quite sure that it doesn't
contain content, but checking all source code would be a very long
work. Can we rely on the license (GPLv3+)?
2) Package does not generate any conflict: do I have to install all
Fedora packeges to check this or is there a better way to check that
(maybe a query to the package database)?
3) Package is not known to require an ExcludeArch tag: I think I need
a scratch koji build to check this, but it was not done. Can I do a
scratch build myself?
4) Package complies to the Packaging Guidelines: this seems to me like
a catch all question, it summarizes all other items, doesn't it?
Ciao
Guido
8:50 a.m.
On 12/12/2016 09:35 AM, Guido Aulisi wrote:
Hi,
I'm trying to complete an unofficial review
(https://bugzilla.redhat.com/show_bug.cgi?id=1401450) to check my
review skills :-), and I have some problems filling some MUST items
which fedora-review leaves blanks.
The items are:
1) Sources contain only permissible code or content: this is very hard
to check if source code is big enough; I'm quite sure that it doesn't
contain content, but checking all source code would be a very long
work. Can we rely on the license (GPLv3+)?
This one is more of a best reasonable effort requirement. As long as you scan
through things and don't see any evidence that something would be impermissible,
it should be fine. Mostly this is a catch-all for things that humans are better
at discovering than a computer (like someone submitting a program called "Last
Fantasy" which is a complete replica of a famous video game).
2) Package does not generate any conflict: do I have to install all
Fedora packeges to check this or is there a better way to check that
(maybe a query to the package database)?
Mostly this one is just to ensure that we don't have a whole bunch of packages
trying to own /usr/bin/commonword or something.
3) Package is not known to require an ExcludeArch tag: I think I
need
a scratch koji build to check this, but it was not done. Can I do a
scratch build myself?
This is a MAY, not a MUST, I think. It basically means that the package isn't
known not to work properly on specific architectures. (Which is subtly different
from ExclusiveArch, which means that it's only supported on certain architectures).
4) Package complies to the Packaging Guidelines: this seems to me
like
a catch all question, it summarizes all other items, doesn't it?
Yes.
9:01 a.m.
Il 12/12/2016 15:50, Stephen Gallagher ha scritto:
> 1) Sources contain only permissible code or content: this is very
hard
> to check if source code is big enough; I'm quite sure that it doesn't
> contain content, but checking all source code would be a very long
> work. Can we rely on the license (GPLv3+)?
>
This one is more of a best reasonable effort requirement. As long as you scan
through things and don't see any evidence that something would be impermissible,
it should be fine. Mostly this is a catch-all for things that humans are better
at discovering than a computer (like someone submitting a program called "Last
Fantasy" which is a complete replica of a famous video game).
If the sources are listed in licensecheck.txt as "Unknown or generated"
you must check them all, because some of this, may return a/some not
valid licenses for Fedora
for example Package nom-tam-fits all of it files are listed as "unknown
or generated"
but all contain this header:
/*
* #%L
* nom.tam FITS library
* %%
* Copyright (C) 2004 - 2015 nom-tam-fits
* %%
* This is free and unencumbered software released into the public domain.
*
* Anyone is free to copy, modify, publish, use, compile, sell, or
* distribute this software, either in source code form or as a compiled
* binary, for any purpose, commercial or non-commercial, and by any
* means.
*
* In jurisdictions that recognize copyright laws, the author or authors
* of this software dedicate any and all copyright interest in the
* software to the public domain. We make this dedication for the benefit
* of the public at large and to the detriment of our heirs and
* successors. We intend this dedication to be an overt act of
* relinquishment in perpetuity of all present and future rights to this
* software under copyright law.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
* OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
* ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
* OTHER DEALINGS IN THE SOFTWARE.
* #L%
*/
9:10 a.m.
2016-12-12 15:50 GMT+01:00 Stephen Gallagher <sgallagh(a)redhat.com>:
> 3) Package is not known to require an ExcludeArch tag: I think I
need
> a scratch koji build to check this, but it was not done. Can I do a
> scratch build myself?
>
This is a MAY, not a MUST, I think. It basically means that the package isn't
known not to work properly on specific architectures. (Which is subtly different
from ExclusiveArch, which means that it's only supported on certain architectures).
Yes, sorry I didn't notice that.
Thank you very much for your answer.
Guido
8:52 a.m.
Il 12/12/2016 15:35, Guido Aulisi ha scritto:
Hi,
I'm trying to complete an unofficial review
(https://bugzilla.redhat.com/show_bug.cgi?id=1401450) to check my
review skills :-), and I have some problems filling some MUST items
which fedora-review leaves blanks.
The items are:
1) Sources contain only permissible code or content: this is very hard
to check if source code is big enough; I'm quite sure that it doesn't
contain content, but checking all source code would be a very long
work. Can we rely on the license (GPLv3+)?
Se i sorgenti sono listati in
licensecheck.txt come "Unknown or generated"
devi lo stesso controllarli tutti, perchè alcuni potrebbero riportare
licenze non vailde per Fedora
ad esempio il pacchetto nom-tam-fits tutti i suoi file sono catalogati
come "Unknown or generated"
pero contengono, tutti, questa intestazione:
/*
* #%L
* nom.tam FITS library
* %%
* Copyright (C) 2004 - 2015 nom-tam-fits
* %%
* This is free and unencumbered software released into the public domain.
*
* Anyone is free to copy, modify, publish, use, compile, sell, or
* distribute this software, either in source code form or as a compiled
* binary, for any purpose, commercial or non-commercial, and by any
* means.
*
* In jurisdictions that recognize copyright laws, the author or authors
* of this software dedicate any and all copyright interest in the
* software to the public domain. We make this dedication for the benefit
* of the public at large and to the detriment of our heirs and
* successors. We intend this dedication to be an overt act of
* relinquishment in perpetuity of all present and future rights to this
* software under copyright law.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
* OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
* ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
* OTHER DEALINGS IN THE SOFTWARE.
* #L%
*/
che definisce la licenza (BSD)**
2) Package does not generate any conflict: do I have to install all
Fedora packeges to check this or is there a better way to check that
(maybe a query to the package database)?
non credo si dovrebbe tenere presente che
i pacchetti dovrebbero
contenere librerie o file eseguibili
non disonibili in altri
3) Package is not known to require an ExcludeArch tag: I think I
need
a scratch koji build to check this, but it was not done. Can I do a
scratch build myself?
koji build rawhide --scratch /[PERCORSO
SRPM]/[NOME][VERSIONE][RELEASE].src.rpm
oppure
koji build --scratch --arch-override x86_64 rawhide /[PERCORSO
SRPM]/[NOME][VERSIONE][RELEASE].src.rpm
4) Package complies to the Packaging Guidelines: this seems to me
like
a catch all question, it summarizes all other items, doesn't it?
Questo dipende
dal tipo di paccetto (C/C++, Python, fonts, Java,
SugarActivity, Ocaml, Perl, Haskell, R, PHP, Ruby)
Ciao
Guido
_______________________________________________
devel mailing list -- devel(a)lists.fedoraproject.org
To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org
ciao
.g
9:56 a.m.
On Mon, Dec 12, 2016 at 03:35:36PM +0100, Guido Aulisi wrote:
Hi,
I'm trying to complete an unofficial review
(https://bugzilla.redhat.com/show_bug.cgi?id=1401450) to check my
review skills :-), and I have some problems filling some MUST items
which fedora-review leaves blanks.
The items are:
1) Sources contain only permissible code or content: this is very hard
to check if source code is big enough; I'm quite sure that it doesn't
contain content, but checking all source code would be a very long
work. Can we rely on the license (GPLv3+)?
Like others mentioned, licensecheck helps a lot.
You cannot check every file of course, but files in a source tree
usually fall into a few groups, e.g. all .c/.h files that have the
same header, a few scripts in tools/ which have a different one, etc.
Also, it is quite common to embed other projects or parts of other
projects with a different license. So what I do is: try to get
a sense of what groups of files there are in the project, and look
at a sample from each group.
There's a caveat: the License tag specifies the license of the binary
package [1], so for example build scripts, configuration macros, tests
that are only used during build, makefiles, are all things which can a
stricter (or different) license than what License specifies. They
have to be redistributable, but have no direct effect on the License
tag.
[1]
https://fedoraproject.org/wiki/Licensing:FAQ?rd=Licensing/FAQ#What_is_.22...
2) Package does not generate any conflict: do I have to install all
Fedora packeges to check this or is there a better way to check that
(maybe a query to the package database)?
fedora-review checks this for you. No need to do this by hand.
3) Package is not known to require an ExcludeArch tag: I think I
need
a scratch koji build to check this, but it was not done. Can I do a
scratch build myself?
For noarch packages, you don't need to bother.
Every fedora packager can do a scratch build:
koji build --scratch rawhide package.src.rpm
For compiled packages, it's good to do this check, although most of
the time it's fine if you skip it: after all, if the package does not
compile on some architecture, the maintainer of that package will not
be able to build it, so they'll have either fix that or add
ExcludeArch/ExclusiveArch anyway.
4) Package complies to the Packaging Guidelines: this seems to me
like
a catch all question, it summarizes all other items, doesn't it?
Yeah. The checklist in fedora-review requires contains a few strange
items. That is one. For others, the wording is rather strange:
"Package is not known to require an ExcludeArch tag",
"Package contains systemd file(s) if in need." ?
Take them with a grain of salt.
Zbyszek
10:09 a.m.
On Mon, 12 Dec 2016 15:56:33 +0000, Zbigniew Jędrzejewski-Szmek wrote:
> 4) Package complies to the Packaging Guidelines: this seems to
me like
> a catch all question, it summarizes all other items, doesn't it?
Yeah. The checklist in fedora-review requires contains a few strange
items. That is one.
Funny you would say that. It's one of the items copied from the official
Review Guidelines: https://fedoraproject.org/wiki/Packaging:ReviewGuidelines
10:29 a.m.
On Mon, Dec 12, 2016 at 05:09:58PM +0100, Michael Schwendt wrote:
On Mon, 12 Dec 2016 15:56:33 +0000, Zbigniew Jędrzejewski-Szmek
wrote:
> > 4) Package complies to the Packaging Guidelines: this seems to me like
> > a catch all question, it summarizes all other items, doesn't it?
>
> Yeah. The checklist in fedora-review requires contains a few strange
> items. That is one.
Funny you would say that. It's one of the items copied from the official
Review Guidelines: https://fedoraproject.org/wiki/Packaging:ReviewGuidelines
It's like the OP said: there's a long list of checks for the
guidelines, and somewhere in the middle we have a question that
encompasses most of the others. This is not useful: the whole point of
a checklist is that it contains items which are small enough to be
checked. This question would be like an airplane pilot's checklist
saying "Are you flying the plane correctly?".
Zbyszek
10:39 a.m.
On Mon, 12 Dec 2016 16:29:39 +0000, Zbigniew Jędrzejewski-Szmek wrote:
On Mon, Dec 12, 2016 at 05:09:58PM +0100, Michael Schwendt wrote:
> On Mon, 12 Dec 2016 15:56:33 +0000, Zbigniew Jędrzejewski-Szmek wrote:
>
> > > 4) Package complies to the Packaging Guidelines: this seems to me like
> > > a catch all question, it summarizes all other items, doesn't it?
> >
> > Yeah. The checklist in fedora-review requires contains a few strange
> > items. That is one.
>
> Funny you would say that. It's one of the items copied from the official
> Review Guidelines: https://fedoraproject.org/wiki/Packaging:ReviewGuidelines
It's like the OP said: there's a long list of checks for the
guidelines, and somewhere in the middle we have a question that
encompasses most of the others. This is not useful: the whole point of
a checklist is that it contains items which are small enough to be
checked. This question would be like an airplane pilot's checklist
saying "Are you flying the plane correctly?".
It has been pointed out several times before that it's a catch-all and
quite demanding as such. The entire checklist could be reduced to that
single MUST item. Hundreds of package review approvals have incorrectly
answered that checklist item as [X].
Don't blame fedora-review. Try to get the Review Guidelines changed first.
10:22 a.m.
On Mon, Dec 12, 2016 at 03:56:33PM +0000, Zbigniew Jędrzejewski-Szmek wrote:
> 2) Package does not generate any conflict: do I have to install
all
> Fedora packeges to check this or is there a better way to check that
> (maybe a query to the package database)?
fedora-review checks this for you. No need to do this by hand.
Actually it doesn't. But our tooling should support that and do it
automatically.
For now, I filed https://bugzilla.redhat.com/show_bug.cgi?id=1403934,
so that we can do 'dnf repoquery -f $(rpm -qpl package-under-review.rpm)'
Zbyszek
2738
days inactive
2738
days old
9 comments
5 participants
participants (5)
-
gil -
Guido Aulisi -
Michael Schwendt -
Stephen Gallagher -
Zbigniew Jędrzejewski-Szmek