Re: [Fedora-legal-list] Trivy for licenses

2024-03-03 Thread Miroslav Suchý

On 03. 03. 24 at 20:22 Philippe Ombredanne wrote:

> It is mostly based on google/licenseclassifier which had a single
> commit in the last 17 months, and this means this is not more
> maintained than askalono (and frankly both are fairly lightweight
> tools for license detection). Trivy adds SPDX expression parsing on
> top of the google/licenseclassifier and that's it. I would not rely on
> these for anything serious and certainly not to scan code for license
> prior to its inclusion in Fedora.


On the other hand, you can have custom config

https://aquasecurity.github.io/trivy/v0.49/docs/scanner/license/#custom-classification

and we can easily generate config for trivy from fedora-license-data. So you will have classification specifically for
Fedora.




> If you want robust license detection, consider using ScanCode [2] and
> Scancode.io [3] for more complex pipelines. Both are tools that I
> co-maintain and are considered as better tools for this. Do not
> hesitate to reach out for help!


*nod*

It would be welcome if anyone can help Robert here:
https://bugzilla.redhat.com/show_bug.cgi?id=2235055

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue
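One way to do what Miroslav proposes above, generating Trivy's custom license classification from fedora-license-data, as an added example (not code from Fedora, fedora-license-data or Trivy). It assumes each fedora-license-data entry is a TOML file with a `[license]` table carrying `expression` (an SPDX id) and `status` (a list such as `["allowed"]`, `["allowed-fonts"]` or `["not-allowed"]`), and that Trivy reads the custom classification from a `license:` section of trivy.yaml keyed by the google/licenseclassifier categories; the status-to-category mapping is this example's own policy choice, and the sample entries are constructed.

```python
"""Build a Trivy custom license classification from fedora-license-data.

Added example, not code from Fedora, fedora-license-data or Trivy.
Assumptions (check them against the real formats before relying on this):
  * Each fedora-license-data entry is a TOML file with a [license] table
    holding `expression` (an SPDX id) and `status` (a list such as
    ["allowed"], ["allowed-fonts"] or ["not-allowed"]).
  * Trivy reads custom classification from a `license:` section of
    trivy.yaml whose keys are the google/licenseclassifier categories
    (forbidden, restricted, reciprocal, notice, permissive, unencumbered),
    each holding a list of license names.
"""
from __future__ import annotations

import json
from pathlib import Path
from typing import Iterable

TRIVY_CATEGORIES = ("forbidden", "restricted", "reciprocal", "notice",
                    "permissive", "unencumbered")

# Constructed sample entries mirroring the assumed TOML layout; they are
# not copied from fedora-license-data.
SAMPLE_ENTRIES = [
    {"license": {"expression": "MIT", "status": ["allowed"]}},
    {"license": {"expression": "OFL-1.1", "status": ["allowed-fonts"]}},
    {"license": {"expression": "CC-BY-NC-4.0", "status": ["not-allowed"]}},
    {"license": {"expression": "LicenseRef-Fedora-Public-Domain",
                 "status": ["allowed", "allowed-content"]}},
    # Deliberately contradictory placeholder entry: must end up forbidden.
    {"license": {"expression": "Example-Contradictory-1.0",
                 "status": ["allowed", "not-allowed"]}},
    # Misspelled status: must fail closed rather than be approved.
    {"license": {"expression": "Example-Typo-1.0", "status": ["alowed"]}},
    {"license": {"status": ["allowed"]}},  # no expression: skipped
]


def fedora_status_to_trivy(statuses: Iterable[str]) -> str:
    """Map Fedora approval statuses onto one Trivy risk category.

    The mapping is this example's policy choice, not Fedora's or Trivy's:
      - any "not-allowed" entry wins                       -> forbidden
      - plain "allowed" (possibly plus use-limited ones)   -> permissive
      - only use-limited approvals (allowed-fonts, ...)    -> restricted
    Anything else (empty list, unknown spelling) is forbidden, so a typo
    in the data fails closed instead of silently approving a license.
    """
    seen = set(statuses)
    if not seen or "not-allowed" in seen:
        return "forbidden"
    if "allowed" in seen:
        return "permissive"
    if all(s.startswith("allowed-") for s in seen):
        return "restricted"
    return "forbidden"


def classify(entries: Iterable[dict]) -> dict[str, list[str]]:
    """Group license expressions by Trivy category, sorted for stable diffs."""
    grouped: dict[str, set[str]] = {c: set() for c in TRIVY_CATEGORIES}
    for entry in entries:
        lic = entry.get("license", {})
        expression = lic.get("expression")
        if not expression:
            continue  # nothing Trivy could match on
        grouped[fedora_status_to_trivy(lic.get("status", []))].add(expression)
    return {c: sorted(ids) for c, ids in grouped.items()}


def to_trivy_yaml(classified: dict[str, list[str]]) -> str:
    """Render the `license:` section of trivy.yaml without a YAML library.

    Names are emitted as JSON strings, which are valid YAML double-quoted
    scalars, so ids containing '+' or ':' cannot change the structure.
    """
    lines = ["license:"]
    for category in TRIVY_CATEGORIES:
        ids = classified.get(category, [])
        if not ids:
            continue  # leave empty categories out of the file
        lines.append(f"  {category}:")
        lines.extend(f"    - {json.dumps(i)}" for i in ids)
    return "\n".join(lines) + "\n"


def load_fedora_license_data(directory: Path) -> list[dict]:
    """Parse every *.toml below `directory` (needs Python 3.11+ tomllib)."""
    import tomllib  # imported lazily so the rest works on older Pythons
    return [tomllib.loads(p.read_text(encoding="utf-8"))
            for p in sorted(directory.rglob("*.toml"))]


if __name__ == "__main__":
    import sys
    entries = (load_fedora_license_data(Path(sys.argv[1]))
               if len(sys.argv) > 1 else SAMPLE_ENTRIES)
    sys.stdout.write(to_trivy_yaml(classify(entries)))
```

Run with the path of a fedora-license-data checkout as the only argument to emit the section for a real trivy.yaml; without arguments it renders the constructed sample.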


Fedora 40 compose report: 20240303.n.1 changes

2024-03-03 Thread Fedora Branched Report
OLD: Fedora-40-20240302.n.0
NEW: Fedora-40-20240303.n.1

= SUMMARY =
Added images:2
Dropped images:  2
Added packages:  0
Dropped packages:0
Upgraded packages:   3
Downgraded packages: 0

Size of added packages:  0 B
Size of dropped packages:0 B
Size of upgraded packages:   466.32 MiB
Size of downgraded packages: 0 B

Size change of upgraded packages:   -6.05 MiB
Size change of downgraded packages: 0 B

= ADDED IMAGES =
Image: Silverblue dvd-ostree x86_64
Path: Silverblue/x86_64/iso/Fedora-Silverblue-ostree-x86_64-40-20240303.n.1.iso
Image: Silverblue dvd-ostree ppc64le
Path: 
Silverblue/ppc64le/iso/Fedora-Silverblue-ostree-ppc64le-40-20240303.n.1.iso

= DROPPED IMAGES =
Image: Kinoite dvd-ostree x86_64
Path: Kinoite/x86_64/iso/Fedora-Kinoite-ostree-x86_64-40-20240302.n.0.iso
Image: Kinoite dvd-ostree aarch64
Path: Kinoite/aarch64/iso/Fedora-Kinoite-ostree-aarch64-40-20240302.n.0.iso

= ADDED PACKAGES =

= DROPPED PACKAGES =

= UPGRADED PACKAGES =
Package:  firefox-123.0-2.fc40
Old package:  firefox-123.0-1.fc40
Summary:  Mozilla Firefox Web browser
RPMs: firefox firefox-langpacks
Size: 454.34 MiB
Size change:  -5.98 MiB
Changelog:
  * Wed Feb 21 2024 Daniel Rusek - 123.0-2
  - Add matching AppStream metadata for org.mozilla.firefox.desktop

  * Fri Feb 23 2024 Martin Stransky - 123.0-2
  - Fixed PGO builds and enabled it again.


Package:  gnome-desktop3-44.0-15.fc40
Old package:  gnome-desktop3-44.0-14.fc40
Summary:  Library with common API for various GNOME modules
RPMs: gnome-desktop3 gnome-desktop3-devel gnome-desktop3-tests 
gnome-desktop4 gnome-desktop4-devel
Size: 4.69 MiB
Size change:  -72.79 KiB
Changelog:
  * Tue Feb 27 2024 Adam Williamson  - 44.0-15
  - Drop downstream patches for anaconda webui workflow


Package:  gnome-shell-46~beta-7.fc40
Old package:  gnome-shell-46~beta-6.fc40
Summary:  Window management and application launching for GNOME
RPMs: gnome-shell
Size: 7.29 MiB
Size change:  1.15 KiB
Changelog:
  * Tue Feb 27 2024 Adam Williamson  - 46~beta-7
  - Drop downstream patches for anaconda webui workflow



= DOWNGRADED PACKAGES =


[EPEL-devel] Fedora EPEL 9 updates-testing report

2024-03-03 Thread updates
The following Fedora EPEL 9 Security updates need testing:
 Age  URL                                                                    Build
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-ad53379349   suricata-6.0.16-1.el9
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-1cefeeb8f5   cpp-jwt-1.4-7.el9
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-99e002f742   chromium-122.0.6261.94-1.el9


The following builds have been pushed to Fedora EPEL 9 updates-testing

ganglia-3.7.2-47.el9
gnome-shell-extension-caffeine-42-2.20230922.git6e71c3b.el9
rpki-client-9.0-1.el9
stockfish-16.1-7.el9
xournalpp-1.2.3-1.el9

Details about builds:



 ganglia-3.7.2-47.el9 (FEDORA-EPEL-2024-e14c8b1f37)
 Distributed Monitoring System

Update Information:

Update to new version of ganglia web improving compatibility with PHP8.

ChangeLog:

* Sun Mar  3 2024 Terje Rosten  - 3.7.2-47
- Add more PHP8 patches

References:

  [ 1 ] Bug #2180500 - ganglia-web not working due to changes in PHP 8
https://bugzilla.redhat.com/show_bug.cgi?id=2180500




 gnome-shell-extension-caffeine-42-2.20230922.git6e71c3b.el9 
(FEDORA-EPEL-2024-57ccc76b35)
 Disable the screen saver and auto suspend in gnome shell

Update Information:

Fixes bug where preference window crashes on Gnome 40

ChangeLog:

* Sun Mar  3 2024 Jeremy Newton  - 
42-2.20230922.git6e71c3b
- Use git snapshot instead of patches to fix RHBZ$2249926
* Sun Mar  3 2024 Jeremy Newton  - 42-2
- fix RHBZ$2249926

References:

  [ 1 ] Bug #2249926 - Can not open caffeine preferences out of the extension 
app
https://bugzilla.redhat.com/show_bug.cgi?id=2249926




 rpki-client-9.0-1.el9 (FEDORA-EPEL-2024-3393e5745f)
 OpenBSD RPKI validator to support BGP Origin Validation

Update Information:

rpki-client 9.0

- Added support for RPKI Signed Prefix Lists. Signed Prefix Lists carry the
  complete list of prefixes which an Autonomous System may originate to its
  routing peers. The validation of a Signed Prefix List confirms that the
  holder of the listed ASN produced the object. This list is a current,
  accurate and complete description of address prefixes that may be announced
  into the routing system originated by this AS.
  https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rpki-prefixlist
  Signed prefix lists are only parsed in filemode or if rpki-client is run
  with the new -x flag.
- Added an -x flag to opt into parsing and evaluation of file types that are
  still considered experimental. At this point in time this covers the signed
  prefix lists.
- Added a metric to track the number of new files that were moved to the
  validated cache. In the OpenMetrics output, per-repository counters are
  shown. The main process and the JSON output only show the total.
- Per the announcement in the last release, the stale manifest counters were
  removed from the OpenMetrics and the JSON output.
- Ensure that the FileAndHashes list in a Manifest contains no duplicate file
  names and no duplicate hashes.
- Various refactoring work, notably to reduce the warning spam generated by
  OpenSSL 3's deprecations and to remove unergonomic internal structs.

ChangeLog:

* Sun Mar  3 2024 Robert Scheck  9.0-1
- Upgrade to 9.0 (#2267565)

References:

  [ 1 ] Bug #2267565 - rpki-client-9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2267565




 stockfish-16.1-7.el9 (FEDORA-EPEL-2024-9f89c4d83b)
 Powerful open source chess engine

Update Information:

Build with profile-guided optimization; respect distribution compiler flags (and
generate useful debuginfo); and use the x86_64v2 baseline requirement in RHEL9
to build for x86-64-sse41-popcnt architecture, resulting in a 

Fedora rawhide compose report: 20240303.n.1 changes

2024-03-03 Thread Fedora Rawhide Report
OLD: Fedora-Rawhide-20240302.n.0
NEW: Fedora-Rawhide-20240303.n.1

= SUMMARY =
Added images:5
Dropped images:  4
Added packages:  4
Dropped packages:1
Upgraded packages:   96
Downgraded packages: 0

Size of added packages:  743.36 MiB
Size of dropped packages:10.61 MiB
Size of upgraded packages:   3.37 GiB
Size of downgraded packages: 0 B

Size change of upgraded packages:   140.73 MiB
Size change of downgraded packages: 0 B

= ADDED IMAGES =
Image: Kinoite dvd-ostree ppc64le
Path: Kinoite/ppc64le/iso/Fedora-Kinoite-ostree-ppc64le-Rawhide-20240303.n.1.iso
Image: Workstation live-osbuild aarch64
Path: 
Workstation/aarch64/iso/Fedora-Workstation-Live-osb-Rawhide-20240303.n.1.aarch64.iso
Image: Workstation live aarch64
Path: 
Workstation/aarch64/iso/Fedora-Workstation-Live-aarch64-Rawhide-20240303.n.1.iso
Image: Silverblue dvd-ostree ppc64le
Path: 
Silverblue/ppc64le/iso/Fedora-Silverblue-ostree-ppc64le-Rawhide-20240303.n.1.iso
Image: Workstation live-osbuild x86_64
Path: 
Workstation/x86_64/iso/Fedora-Workstation-Live-osb-Rawhide-20240303.n.1.x86_64.iso

= DROPPED IMAGES =
Image: Silverblue dvd-ostree x86_64
Path: 
Silverblue/x86_64/iso/Fedora-Silverblue-ostree-x86_64-Rawhide-20240302.n.0.iso
Image: Kinoite dvd-ostree x86_64
Path: Kinoite/x86_64/iso/Fedora-Kinoite-ostree-x86_64-Rawhide-20240302.n.0.iso
Image: Silverblue dvd-ostree aarch64
Path: 
Silverblue/aarch64/iso/Fedora-Silverblue-ostree-aarch64-Rawhide-20240302.n.0.iso
Image: Kinoite dvd-ostree aarch64
Path: Kinoite/aarch64/iso/Fedora-Kinoite-ostree-aarch64-Rawhide-20240302.n.0.iso

= ADDED PACKAGES =
Package: clang17-17.0.6-6.fc41
Summary: A C language family front-end for LLVM
RPMs:clang17 clang17-analyzer clang17-devel clang17-libs 
clang17-resource-filesystem clang17-tools-extra clang17-tools-extra-devel 
git-clang-format17
Size:242.17 MiB

Package: compiler-rt17-17.0.6-6.fc41
Summary: LLVM "compiler-rt" runtime libraries
RPMs:compiler-rt17
Size:7.61 MiB

Package: lld17-17.0.6-4.fc41
Summary: The LLVM Linker
RPMs:lld17 lld17-devel lld17-libs
Size:6.08 MiB

Package: llvm17-17.0.6-6.fc41
Summary: The Low Level Virtual Machine
RPMs:llvm17 llvm17-cmake-utils llvm17-devel llvm17-doc llvm17-googletest 
llvm17-libs llvm17-static llvm17-test
Size:487.50 MiB


= DROPPED PACKAGES =
Package: drumstick0-0.5.0-36.fc40
Summary: C++/Qt4 wrapper around the ALSA library sequencer interface
RPMs:drumstick0 drumstick0-devel
Size:10.61 MiB


= UPGRADED PACKAGES =
Package:  AusweisApp2-2.1.0-4.fc41
Old package:  AusweisApp2-2.1.0-1.fc41
Summary:  Online identification with German ID card (Personalausweis)
RPMs: AusweisApp2 AusweisApp2-data AusweisApp2-doc
Size: 21.88 MiB
Size change:  2.29 KiB
Changelog:
  * Sat Mar 02 2024 Julian Sikorski  - 2.1.0-2
  - Add background information for the legacy openssl API patch

  * Sat Mar 02 2024 Julian Sikorski  - 2.1.0-3
  - Fix OpenSSL config generation

  * Sat Mar 02 2024 Julian Sikorski  - 2.1.0-4
  - Really fix OpenSSL config generation


Package:  accel-config-4.1.2-5.fc41
Old package:  accel-config-4.1.1-4.fc40
Summary:  Configure accelerator subsystem devices
RPMs: accel-config accel-config-devel accel-config-libs
Size: 301.67 KiB
Size change:  692 B
Changelog:
  * Sun Mar 03 2024 Jun Miao  - 4.1.2-5
  - Update to v4.1.2 release


Package:  armadillo-12.8.1-1.fc41
Old package:  armadillo-12.8.0-1.fc40
Summary:  Fast C++ matrix library with syntax similar to MATLAB and Octave
RPMs: armadillo armadillo-devel
Size: 10.89 MiB
Size change:  1.54 KiB
Changelog:
  * Sat Mar 02 2024 Fedora Release Monitoring 
 - 12.8.1-1
  - Update to 12.8.1 (#2267418)


Package:  bfs-3.1.2-1.fc41
Old package:  bfs-3.0.4-3.fc40
Summary:  A breadth-first version of the UNIX find command
RPMs: bfs
Size: 579.87 KiB
Size change:  44.84 KiB
Changelog:
  * Sat Mar 02 2024 Gustavo Costa  - 3.1.2-1
  - Update to 3.1.2 (rhbz#2263151)


Package:  bout++-5.1.0-9.fc41
Old package:  bout++-5.1.0-8.fc41
Summary:  Library for the BOUndary Turbulence simulation framework
RPMs: bout++-common bout++-doc bout++-mpich bout++-mpich-devel 
bout++-openmpi bout++-openmpi-devel python3-bout++ python3-bout++-mpich 
python3-bout++-openmpi
Size: 18.17 MiB
Size change:  2.55 KiB
Changelog:
  * Sat Mar 02 2024 Antonio Trande  - 5.1.0-9
  - Rebuild again for sundials-6.7.0


Package:  boxed-cpp-1.4.0-1.fc41
Old package:  boxed-cpp-1.3.0-1.fc40
Summary:  Boxing primitive types in C++
RPMs: boxed-cpp-devel
Size: 92.79 KiB
Size change:  1.99 KiB
Changelog:
  * Sun Feb 11 2024 topazus  - 1.3.0-2
  - disable packit on epel

  * Sat Mar 02 2024 Packit  - 1.4.0-1
  - [packit] 1.4.0 upstream release
  - Resolves rhbz#2267433


Package:  cantera-3.0.0-9.fc41
Old package:  cantera-3.0.0-8.fc41
Summary:  Chemica

[Bug 2267133] perl-Business-ISBN-Data-20240229.001 is available

2024-03-03 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=2267133



--- Comment #5 from Fedora Update System  ---
FEDORA-2024-3b124b07b7 has been pushed to the Fedora 40 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh
--advisory=FEDORA-2024-3b124b07b7`
You can provide feedback for this update here:
https://bodhi.fedoraproject.org/updates/FEDORA-2024-3b124b07b7

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information
on how to test updates.


-- 
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2267133

Report this comment as SPAM: 
https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla=report-spam_desc=Report%20of%20Bug%202267133%23c5
--
___
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue


[Bug 2267478] perl-Business-ISBN-Data-20240302.001 is available

2024-03-03 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=2267478



--- Comment #4 from Fedora Update System  ---
FEDORA-2024-3b124b07b7 has been pushed to the Fedora 40 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh
--advisory=FEDORA-2024-3b124b07b7`
You can provide feedback for this update here:
https://bodhi.fedoraproject.org/updates/FEDORA-2024-3b124b07b7

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information
on how to test updates.




[Bug 2265610] perl-Log-ger-0.042 is available

2024-03-03 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=2265610



--- Comment #4 from Fedora Update System  ---
FEDORA-2024-8e17c24798 has been pushed to the Fedora 40 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh
--advisory=FEDORA-2024-8e17c24798`
You can provide feedback for this update here:
https://bodhi.fedoraproject.org/updates/FEDORA-2024-8e17c24798

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information
on how to test updates.




[Bug 2266094] perl-Compress-Raw-Zlib-2.209 is available

2024-03-03 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=2266094



--- Comment #4 from Fedora Update System  ---
FEDORA-2024-4007a7bed3 has been pushed to the Fedora 40 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh
--advisory=FEDORA-2024-4007a7bed3`
You can provide feedback for this update here:
https://bodhi.fedoraproject.org/updates/FEDORA-2024-4007a7bed3

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information
on how to test updates.




Heads-up: Updating libunibreak to 6.1 in rawhide and F40

2024-03-03 Thread Sandro
I plan to update libunibreak to version 6.1 in rawhide and F40 in about 
a week.


This update comes with a soname bump. The following packages depend on
libunibreak:


fedrq wrsrc -Xs libunibreak -F name
coolreader
fbreader
krita
naev

I ran a smoke test in Copr [1] rebuilding those packages against 
libunibreak-6.1 and all packages built successfully. I added the 
maintainers in Bcc.


Please use the following side tags for rebuilding your package against 
the updated libunibreak:


rawhide: f41-build-side-85041
f40: f40-build-side-85045

[1] https://copr.fedorainfracloud.org/coprs/gui1ty/libunibreak_6/builds/

Cheers,

--
Sandro
FAS:   gui1ty
Matrix:Penguinpee
Elsewhere: [Pp]enguinpee


Re: [Fedora-legal-list] Trivy for licenses

2024-03-03 Thread Philippe Ombredanne
Hi Maxwell:

On Sun, Mar 3, 2024, Maxwell G wrote:
> Has anyone ever used trivy [1] to scan for licenses? It appears more
> robust and better maintained than askalono-cli and can detect files with
> multiple licenses and licenses embedded in file headers.  I have been
> running it with "trivy fs --scanners license --license-full ."
>
> [1] https://github.com/aquasecurity/trivy

IMHO trivy is not a robust tool for license detection from me trying it.

It is mostly based on google/licenseclassifier which had a single
commit in the last 17 months, and this means this is not more
maintained than askalono (and frankly both are fairly lightweight
tools for license detection). Trivy adds SPDX expression parsing on
top of the google/licenseclassifier and that's it. I would not rely on
these for anything serious and certainly not to scan code for license
prior to its inclusion in Fedora.

If you want robust license detection, consider using ScanCode [2] and
Scancode.io [3] for more complex pipelines. Both are tools that I
co-maintain and are considered as better tools for this. Do not
hesitate to reach out for help!

Not directly related, I just found out ScanCode has been used for
building large code LLMs [4]

[1] https://github.com/google/licenseclassifier
[2] https://github.com/nexB/scancode-toolkit
[3] https://github.com/nexB/scancode.io
[4] https://huggingface.co/papers/2402.19173

--
Cordially
Philippe Ombredanne

+1 650 799 0949 | pombreda...@nexb.com
AboutCode - Open source for open source - https://www.aboutcode.org
VulnerableCode - the open code and open data vulnerability database -
https://github.com/nexb/vulnerablecode
ScanCode - scan your code, for origin/license/vulnerabilities, report
SBOMs - https://github.com/nexB/scancode-toolkit
https://github.com/nexB/scancode.io
package-url - the mostly universal SBOM identifier for packages -
https://github.com/package-url
DejaCode - What's in your code?! - http://www.dejacode.com


Re: Trivy for licenses

2024-03-03 Thread Maxwell G
On Sun Mar 3, 2024 at 17:28 +0100, Miroslav Suchý wrote:
> On 03. 03. 24 at 7:35 Maxwell G wrote:
> >
> > Has anyone ever used trivy [1] to scan for licenses? It appears more 
> > robust and better maintained than askalono-cli 
> > and can detect files with multiple licenses and licenses embedded in file 
> > headers.  I have been running it with "trivy 
> > fs --scanners license --license-full ."
> >
> > [1] https://github.com/aquasecurity/trivy
>
> This is new to me.

Yeah, me too. I had not seen it anywhere before, so I figured I would
ask about it.

> Looks good. I will add it to 
> https://docs.fedoraproject.org/en-US/legal/license-audit-tools/

Cool! Feel free to tag me if you would like a review of the docs PR.

> And the upstream provides rpm. Static build, but better than nothing.

I or another member of the Go SIG could probably package it if there is
interest.


Re: Trivy for licenses

2024-03-03 Thread Miroslav Suchý

On 03. 03. 24 at 7:35 Maxwell G wrote:

> Has anyone ever used trivy [1] to scan for licenses? It appears more robust and better maintained than askalono-cli
> and can detect files with multiple licenses and licenses embedded in file headers.  I have been running it with "trivy
> fs --scanners license --license-full ."
>
> [1] https://github.com/aquasecurity/trivy


This is new to me.

Looks good. I will add it to 
https://docs.fedoraproject.org/en-US/legal/license-audit-tools/

It has more verbose output than askalono or licensecheck, but less detailed 
than scancode-toolkit.

And the upstream provides rpm. Static build, but better than nothing.

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys


Re: libxslxwriter (misspelled package) in zombie state

2024-03-03 Thread Richard W.M. Jones
On Sun, Mar 03, 2024 at 10:55:54AM +0100, Miro Hrončok wrote:
> On 02. 03. 24 23:28, Richard W.M. Jones wrote:
> >On Sat, Mar 02, 2024 at 10:16:02PM +0100, Miro Hrončok wrote:
> >>On 02. 03. 24 11:31, Richard W.M. Jones wrote:
> >>>On Fri, Mar 01, 2024 at 10:00:20AM -0800, Kevin Fenzi wrote:
> On Fri, Mar 01, 2024 at 11:49:06AM +, Richard W.M. Jones wrote:
> >
> >We were discussing this on IRC, so just to bring the topic up on the
> >mailing list ...
> >
> >(1) Package libxslxwriter (note: "xslx") with only automated activity
> >and no builds:
> >https://src.fedoraproject.org/rpms/libxslxwriter/commits/rawhide
> >https://koji.fedoraproject.org/koji/packageinfo?packageID=32741
> >
> >(2) Package libxlsxwriter (note: "xlsx") which is normal:
> >https://src.fedoraproject.org/rpms/libxlsxwriter/commits/rawhide
> >https://koji.fedoraproject.org/koji/packageinfo?packageID=32754
> >
> >It seems like the first package is in some sort of zombie state?
> 
> Yeah, the package owner (or a provenpackager) should just be able to
> 'fedpkg retire' it...
> >>>
> >>>Well I took that as a hint and I ran the retire command.  I'm not sure
> >>>if it actually worked completely.  There was an error towards the end:
> >>>
> >>>$ fedpkg retire 
> >>>"https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/X6ADYQA27WRLDQYAL3MHMGCHN3NQY47S/;
> >>>rm '.gitignore'
> >>>rm 'README.md'
> >>>rm 'libxlsxwriter.spec'
> >>>rm 'libxlsxwriter_sover.patch'
> >>>rm 'libxlsxwriter_zlib.patch'
> >>>rm 'sources'
> >>>[rawhide 922af46] 
> >>>https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/X6ADYQA27WRLDQYAL3MHMGCHN3NQY47S/
> >>>  7 files changed, 1 insertion(+), 143 deletions(-)
> >>>  delete mode 100644 .gitignore
> >>>  delete mode 100644 README.md
> >>>  create mode 100644 dead.package
> >>>  delete mode 100644 libxlsxwriter.spec
> >>>  delete mode 100644 libxlsxwriter_sover.patch
> >>>  delete mode 100644 libxlsxwriter_zlib.patch
> >>>  delete mode 100644 sources
> >>>...
> >>>Could not execute retire: The following error occurred while disabling 
> >>>monitoring: You are not allowed to modify this project
> >>
> >>This seems like https://pagure.io/fedpkg/issue/505
> >>
> >>The package is retired in dist-git:
> >>
> >>https://src.fedoraproject.org/rpms/libxslxwriter/commits/rawhide
> >
> >OK .. but is it retired?
> 
> It is now. When you asked, it might have been only partially
> retired. Package retirement is an asynchronous chain of events.
> 
> 1. It is retired in rawhide distgit because it has the dead.package file ✔️
> 
> 2. It is "active: false" in rawhide PDC ✔️
> https://pdc.fedoraproject.org/rest_api/v1/component-branches/?name=rawhide_component=libxslxwriter
> 
> 3. It is blocked in f41 Koji ✔️
> $ koji list-pkgs --show-blocked --tag f41 --quiet --package libxslxwriter
> libxslxwriter   f41
> smani  [BLOCKED]
> 
> 4. It is not in the rawhide repository ✔️
> This package never was, so :/
> 
> 
> For docs, see 
> https://docs.fedoraproject.org/en-US/package-maintainers/Package_Retirement_Process/#_koji

Thanks!

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
Fedora Windows cross-compiler. Compile Windows programs, test, and
build Windows installers. Over 100 libraries supported.
http://fedoraproject.org/wiki/MinGW


[Bug 2267478] perl-Business-ISBN-Data-20240302.001 is available

2024-03-03 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=2267478



--- Comment #3 from Fedora Update System  ---
FEDORA-2024-3b124b07b7 (perl-Business-ISBN-Data-20240302.001-1.fc40) has been
submitted as an update to Fedora 40.
https://bodhi.fedoraproject.org/updates/FEDORA-2024-3b124b07b7




[Bug 2267478] perl-Business-ISBN-Data-20240302.001 is available

2024-03-03 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=2267478

Fedora Update System  changed:

           What    |Removed |Added
----------------------------------------------------------------------------
   Fixed In Version|        |perl-Business-ISBN-Data-20240302.001-1.fc41
         Resolution|---     |ERRATA
             Status|MODIFIED|CLOSED
        Last Closed|        |2024-03-03 10:20:20



--- Comment #2 from Fedora Update System  ---
FEDORA-2024-37d7c67df1 (perl-Business-ISBN-Data-20240302.001-1.fc41) has been
pushed to the Fedora 41 stable repository.
If problem still persists, please make note of it in this bug report.




[Bug 2267478] perl-Business-ISBN-Data-20240302.001 is available

2024-03-03 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=2267478

Fedora Update System  changed:

   What|Removed |Added

 Status|NEW |MODIFIED



--- Comment #1 from Fedora Update System  ---
FEDORA-2024-37d7c67df1 (perl-Business-ISBN-Data-20240302.001-1.fc41) has been
submitted as an update to Fedora 41.
https://bodhi.fedoraproject.org/updates/FEDORA-2024-37d7c67df1




Re: libxslxwriter (misspelled package) in zombie state

2024-03-03 Thread Miro Hrončok

On 02. 03. 24 23:28, Richard W.M. Jones wrote:
> On Sat, Mar 02, 2024 at 10:16:02PM +0100, Miro Hrončok wrote:
> > On 02. 03. 24 11:31, Richard W.M. Jones wrote:
> > > On Fri, Mar 01, 2024 at 10:00:20AM -0800, Kevin Fenzi wrote:
> > > > On Fri, Mar 01, 2024 at 11:49:06AM +, Richard W.M. Jones wrote:
> > > > >
> > > > > We were discussing this on IRC, so just to bring the topic up on the
> > > > > mailing list ...
> > > > >
> > > > > (1) Package libxslxwriter (note: "xslx") with only automated activity
> > > > > and no builds:
> > > > > https://src.fedoraproject.org/rpms/libxslxwriter/commits/rawhide
> > > > > https://koji.fedoraproject.org/koji/packageinfo?packageID=32741
> > > > >
> > > > > (2) Package libxlsxwriter (note: "xlsx") which is normal:
> > > > > https://src.fedoraproject.org/rpms/libxlsxwriter/commits/rawhide
> > > > > https://koji.fedoraproject.org/koji/packageinfo?packageID=32754
> > > > >
> > > > > It seems like the first package is in some sort of zombie state?
> > > >
> > > > Yeah, the package owner (or a provenpackager) should just be able to
> > > > 'fedpkg retire' it...
> > >
> > > Well I took that as a hint and I ran the retire command.  I'm not sure
> > > if it actually worked completely.  There was an error towards the end:
> > >
> > > $ fedpkg retire 
> > > "https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/X6ADYQA27WRLDQYAL3MHMGCHN3NQY47S/;
> > > rm '.gitignore'
> > > rm 'README.md'
> > > rm 'libxlsxwriter.spec'
> > > rm 'libxlsxwriter_sover.patch'
> > > rm 'libxlsxwriter_zlib.patch'
> > > rm 'sources'
> > > [rawhide 922af46] 
> > > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/X6ADYQA27WRLDQYAL3MHMGCHN3NQY47S/
> > >   7 files changed, 1 insertion(+), 143 deletions(-)
> > >   delete mode 100644 .gitignore
> > >   delete mode 100644 README.md
> > >   create mode 100644 dead.package
> > >   delete mode 100644 libxlsxwriter.spec
> > >   delete mode 100644 libxlsxwriter_sover.patch
> > >   delete mode 100644 libxlsxwriter_zlib.patch
> > >   delete mode 100644 sources
> > > ...
> > > Could not execute retire: The following error occurred while disabling 
> > > monitoring: You are not allowed to modify this project
> >
> > This seems like https://pagure.io/fedpkg/issue/505
> >
> > The package is retired in dist-git:
> >
> > https://src.fedoraproject.org/rpms/libxslxwriter/commits/rawhide
>
> OK .. but is it retired?


It is now. When you asked, it might have been only partially retired. Package 
retirement is an asynchronous chain of events.


1. It is retired in rawhide distgit because it has the dead.package file ✔️

2. It is "active: false" in rawhide PDC ✔️
https://pdc.fedoraproject.org/rest_api/v1/component-branches/?name=rawhide_component=libxslxwriter

3. It is blocked in f41 Koji ✔️
$ koji list-pkgs --show-blocked --tag f41 --quiet --package libxslxwriter
libxslxwriter   f41  smani 
 [BLOCKED]


4. It is not in the rawhide repository ✔️
This package never was, so :/


For docs, see 
https://docs.fedoraproject.org/en-US/package-maintainers/Package_Retirement_Process/#_koji



--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok