https://bugzilla.redhat.com/show_bug.cgi?id=2196274
Zbigniew Jędrzejewski-Szmek <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED CC| |[email protected] Assignee|[email protected] |[email protected] Flags| |fedora-review? --- Comment #5 from Zbigniew Jędrzejewski-Szmek <[email protected]> --- This isn't really relevant for the review, but a hint to save work: > # > https://github.com/actor-framework/actor-framework/commit/db5fd0b2f56e4df14fe9a407f0461d1c34c42fbd > Patch0: actor-framework-fix-tools.patch I'd write this as Patch: https://github.com/actor-framework/actor-framework/commit/db5fd0b2f56e4df14fe9a407f0461d1c34c42fbd.patch This has the advantage that 'spectool -g *.spec' will just download the file without further ado. > License: BSD-3-Clause OR BSL-1.0 I think this needs to be "AND" instead. The sources are under the first license, but they are also combined with some other (header) files to form the compiled product. The result must then satisfy both licenses, i.e. is under the first and the second license. > actor-framework-tools.x86_64: W: no-manual-page-for-binary caf-run > actor-framework-tools.x86_64: W: no-manual-page-for-binary caf-vec > actor-framework-devel.x86_64: W: no-documentation > actor-framework-tools.x86_64: W: no-documentation Meh. > actor-framework.x86_64: W: crypto-policy-non-compliance-openssl > /usr/lib64/libcaf_openssl.so.0.19.1 SSL_CTX_set_cipher_list This one is fairly problematic. The code does: SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL:!MD5") https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies/#_cc_applications says: > check the source code for SSL_CTX_set_cipher_list(). If it is not present > then nothing needs to be done (the default is used). Otherwise, if that call > is present and provided a fixed string which does not contain PSK or SRP, > replace the string with "PROFILE=SYSTEM", or remove the call. > 6 packages and 0 specfiles checked; 0 errors, 5 warnings, 0 badness; has > taken 1.3 s Quoting Frostyx's review service: Requires (with glibc and linker stuff removed) -------- actor-framework (rpmlib, GLIBC filtered): libcaf_core.so.0.19.1()(64bit) libcaf_io.so.0.19.1()(64bit) libcrypto.so.3()(64bit) libcrypto.so.3(OPENSSL_3.0.0)(64bit) libssl.so.3()(64bit) libssl.so.3(OPENSSL_3.0.0)(64bit) actor-framework-devel (rpmlib, GLIBC filtered): actor-framework(x86-64) cmake-filesystem(x86-64) libcaf_core.so.0.19.1()(64bit) libcaf_io.so.0.19.1()(64bit) libcaf_net.so.0.19.1()(64bit) libcaf_openssl.so.0.19.1()(64bit) actor-framework-tools (rpmlib, GLIBC filtered): actor-framework(x86-64) libcaf_core.so.0.19.1()(64bit) libcaf_io.so.0.19.1()(64bit) actor-framework-debuginfo (rpmlib, GLIBC filtered): actor-framework-debugsource (rpmlib, GLIBC filtered): Provides -------- actor-framework: actor-framework actor-framework(x86-64) libcaf_core.so.0.19.1()(64bit) libcaf_io.so.0.19.1()(64bit) libcaf_net.so.0.19.1()(64bit) libcaf_openssl.so.0.19.1()(64bit) actor-framework-devel: actor-framework-devel actor-framework-devel(x86-64) cmake(CAF) cmake(caf) actor-framework-tools: actor-framework-tools actor-framework-tools(x86-64) Looks all good. (Or even better than "good". The spec file is very clean.) + package name is OK + license is acceptable for Fedora (BSD-3-Clause) - license is specified correctly (see above) + builds and installs OK + BR/P/R look correct + no scriptlets needed or present - rpmlint finds one issue (see above) -- You are receiving this mail because: You are always notified about changes to this product and component You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2196274 _______________________________________________ package-review mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
