[Bug 1503925] Review Request: exercism-cli - Command-line interface to exercism.io

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1503925



--- Comment #1 from Elliott Sales de Andrade  ---
koji scratch build:
https://koji.fedoraproject.org/koji/taskinfo?taskID=22538450

though for some reason, it wants to build for ppc64 even though Go doesn't want
to work there and I set ExclusiveArch...

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1503925] New: Review Request: exercism-cli - Command-line interface to exercism.io

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1503925

Bug ID: 1503925
   Summary: Review Request: exercism-cli - Command-line interface
to exercism.io
   Product: Fedora
   Version: rawhide
 Component: Package Review
  Assignee: nob...@fedoraproject.org
  Reporter: quantum.anal...@gmail.com
QA Contact: extras...@fedoraproject.org
CC: package-review@lists.fedoraproject.org




Spec URL: http://qulogic.fedorapeople.org//exercism-cli.spec
SRPM URL: http://qulogic.fedorapeople.org//exercism-cli-2.4.1-1.fc26.src.rpm

Description:
Exercism allows you to download and solve practice problems in over 30
different languages. Exercism takes place in two places: the discussions happen
on the website, and you work on exercises locally. The Command Line Interface
bridges the gap, allowing you to fetch exercises and submit solutions to the
site.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1503915] Review Request: roca-detect - test RSA public keys for ROCA vulnerability

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1503915



--- Comment #2 from Stuart D Gathman  ---
The package does build and run correctly on CentOS-7 with EPEL.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1503915] Review Request: roca-detect - test RSA public keys for ROCA vulnerability

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1503915



--- Comment #1 from Stuart D Gathman  ---
Note that the test suite fails when building on F25.  I don't plan on debugging
this, as F25 will be EOL by the time this gets reviewed.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1503915] New: Review Request: roca-detect - test RSA public keys for ROCA vulnerability

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1503915

Bug ID: 1503915
   Summary: Review Request: roca-detect - test RSA public keys for
ROCA vulnerability
   Product: Fedora
   Version: rawhide
 Component: Package Review
  Severity: medium
  Priority: medium
  Assignee: nob...@fedoraproject.org
  Reporter: stu...@gathman.org
QA Contact: extras...@fedoraproject.org
CC: package-review@lists.fedoraproject.org



Spec URL: https://gathman.org/linux/SPECS/roca-detect.spec
SRPM URL:
https://gathman.org/linux/f26/x86_64/roca-detect-1.0.7-2.fc26.noarch.rpm
Description: This tool is related to the [ACM CCS 2017 conference paper #124
Return of the Coppersmith’s Attack: Practical Factorization of Widely Used RSA
Moduli](https://crocs.fi.muni.cz/public/papers/rsa_ccs17).

Example output when run on /etc/pki/rpm-gpg/* on a Fedora 26 system (with
rpmfusing and other extra repos):

2017Oct19 00:13:22 ### SUMMARY 
2017Oct19 00:13:22 Records tested: 158
2017Oct19 00:13:22 .. PEM certs: . . . 0
2017Oct19 00:13:22 .. DER certs: . . . 0
2017Oct19 00:13:22 .. RSA key files: . 0
2017Oct19 00:13:22 .. PGP master keys: 177
2017Oct19 00:13:22 .. PGP total keys:  272
2017Oct19 00:13:22 .. SSH keys:  . . . 0
2017Oct19 00:13:22 .. APK keys:  . . . 0
2017Oct19 00:13:22 .. JSON keys: . . . 0
2017Oct19 00:13:22 .. LDIFF certs: . . 0
2017Oct19 00:13:22 .. JKS certs: . . . 0
2017Oct19 00:13:22 .. PKCS7: . . . . . 0
2017Oct19 00:13:22 No fingerprinted keys found (OK)
2017Oct19 00:13:22 

Fedora Account System Username: sdgathman

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1481630] Review Request: VirtualBox-guest-additions - VirtualBox Guest Additions

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1481630

Neal Gompa  changed:

   What|Removed |Added

  Flags||needinfo?(hdegoede@redhat.c
   ||om)



--- Comment #25 from Neal Gompa  ---
So VirtualBox 5.2 released... Is there an update to this based on the final
release? Also, how has upstreaming the kernel part gone?

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1501500] Review Request: containerd - An industry-standard container runtime

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1501500



--- Comment #3 from Lokesh Mandvekar  ---
Also, looking at the spec, might wanna change golang to be >= 1.9, doesn't
matter if that means it won't build for f26.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1501500] Review Request: containerd - An industry-standard container runtime

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1501500



--- Comment #2 from Lokesh Mandvekar  ---
= MUST items =

C/C++:
[-]: Package does not contain kernel modules.
[-]: Package contains no static executables.

Generic:
[x]: Package is licensed with an open-source compatible license and meets
 other legal requirements as defined in the legal section of Packaging
 Guidelines.
[x]: License field in the package spec file matches the actual license.
 Note: Checking patched sources after %prep for licenses. Licenses
 found: "Apache (v2.0)", "CC by-sa (v4.0)", "*No copyright* BSD (2
 clause)", "Unknown or generated", "MIT/X11 (BSD like)", "ISC", "BSD (3
 clause)", "BSD (2 clause)", "do What The Fuck you want to Public
 License (v2)", "*No copyright* Apache (v2.0)". 1241 files have unknown
 license. Detailed output of licensecheck in
 /home/lsm5/reviews/1501500-containerd/licensecheck.txt


[!]: Package requires other packages for directories it uses.
 Note: No known owner of /etc/containerd
[!]: Package must own all directories that it creates.
 Note: Directories without known owners: /etc/containerd

Owning /etc/containerd should make these two go away.

[x]: %build honors applicable compiler flags or justifies otherwise.
[x]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[-]: Package contains desktop file if it is a GUI application.
[-]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory
 names).
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and
 Provides are present.
[!]: Requires correct, justified where necessary.

See the Requires section below.

[x]: Spec file is legible and written in American English.
[x]: Package contains systemd file(s) if in need.
[x]: Useful -debuginfo package or justification otherwise.
[x]: Package is not known to require an ExcludeArch tag.
[-]: Large documentation must go in a -doc subpackage. Large could be size
 (~1MB) or number of files.
 Note: Documentation size is 20480 bytes in 1 files.
[x]: Package complies to the Packaging Guidelines



Requires

containerd (rpmlib, GLIBC filtered):
/bin/sh
config(containerd)
libc.so.6()(64bit)
libdl.so.2()(64bit)
libpthread.so.0()(64bit)
rtld(GNU_HASH)
runc
systemd

You'll need to include systemd as a Requires since you're shipping a unitfile.
Also, probably need to include runc in there as well. Rest of them should be
automatically handled IIUC.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1503026] Review Request: golang-github-templexxx-cpufeat - Implementation of internal/cpu in Go

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1503026



--- Comment #9 from Fedora Update System  ---
golang-github-templexxx-cpufeat-0-0.1.20170927.git3794dfb.fc25 has been pushed
to the Fedora 25 testing repository. If problems still persist, please make
note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here:
https://bodhi.fedoraproject.org/updates/FEDORA-2017-ba9c896e21

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1443076] Review Request: java-9-openjdk - OpenJDK Runtime Environment in implementation of java 9 specification

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1443076

Dominik 'Rathann' Mierzejewski  changed:

   What|Removed |Added

 CC||domi...@greysector.net



--- Comment #56 from Dominik 'Rathann' Mierzejewski  ---
Nobody noticed that %changelog has wrong versions:

%changelog
* Tue Oct 10 2017 Jiri Vanek  - 1:1.9.0.0-9.b163
- now owning dir etcjavasubdir

* Tue Oct 10 2017 Jiri Vanek  - 1:1.9.0.0-8.b163
- EC no longer built

* Tue Oct 10 2017 Jiri Vanek  - 1:1.9.0.0-7.b163
- now owning dir etcjavadir

* Thu Oct 05 2017 Jiri Vanek  - 1:1.9.0.0-4.b163
- config files moved to etc

* Tue Aug 29 2017 Michal Vala   - 1:1.9.0.0-3.b163
- changed  archinstall to i686
- added ownership of lib/client/

while package versions are:
9.0.0.181-1.fc28
9.0.0.181-2.fc28
...
9.0.0.181-9.fc28

Where are the %changelog entries for -1, -2, -5 and -6?

You could also have dropped the Epoch: from the package, since it's a
completely new package and kept it only in the virtual Provides:. Actually, the
use of Epoch: in a NEW package must be justified in the review. It wasn't. See
https://fedoraproject.org/wiki/Packaging:Versioning .

Requires: xorg-x11-fonts-Type1
Seriously? Does Java 9 still require legacy Type1 fonts in 2017?

# Require jpackage-utils for ownership of /usr/lib/jvm/
Requires: jpackage-utils
jpackage-utils was renamed to javapackages-tools in 2012, why are you still
using the old name?

Patches are not accompanied by links to Fedora or upstream bug reports.

I'd argue that the spec file fails the spec legibility rule. There are many
macros whose purpose isn't obvious. For example:
%global aarch64 aarch64 arm64 armv8
...
#images stub
%global jdkimage   jdk

It's also full of typos and unintelligible comments, for example:
# elfutils ony are ok for built without AOT
I have no idea what the above means.
Or this:
# Zero-assembler build requirement.
Comments are supposed to explain something. The one above doesn't.

See: https://fedoraproject.org/wiki/Packaging:Guidelines#Spec_Legibility .

This package would not have passed review as-is if I was the reviewer. Sorry to
be blunt, but it looks like a bad copy and paste from older openjdk spec file.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1481046] Review Request: python-html5-parser - A fast, standards compliant, C based, HTML 5 parser for python

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1481046



--- Comment #11 from Kevin Fenzi  ---
(In reply to Raphael Groner from comment #10)
>
> There's no package sigil-gumbo. So your suggestion is pointless.

Well, there's not currently, there may be someday. 

It gets back to what you think the reason for adding the Provides is. 
IMHO it's to allow someone to see whats bundled in case they want to check all
packages for a known issue. That doesn't require that the package is in Fedora
only that packages that bundle it indicate so. 

> 
> My suggestion is explained in comment #6:
> Provides: gumbo-parser-static

But thats just incorrect, because it's not gumbo-parser, also that makes it
look like this thing provides a static lib someone could link to per
https://fedoraproject.org/wiki/Packaging:Guidelines#Packaging_Static_Libraries

So, I guess I should file a FPC ticket and ask them what to put in Provides in
this case.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1389311] Review Request: python-events - Bringing the elegance of C# EventHanlder to Python

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1389311



--- Comment #9 from Fedora Update System  ---
python-events-0.2.1-1.fc26 has been pushed to the Fedora 26 testing repository.
If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here:
https://bodhi.fedoraproject.org/updates/FEDORA-2017-5e549dcac2

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1430135] Review Request: golang-github-jefferai-jsonx - Go (golang) library to transform JSON into JSONx

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1430135



--- Comment #7 from Fedora Update System  ---
golang-github-jefferai-jsonx-0-0.1.20160722git9cc31c3.fc26 has been pushed to
the Fedora 26 testing repository. If problems still persist, please make note
of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here:
https://bodhi.fedoraproject.org/updates/FEDORA-2017-2afd10026d

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1503026] Review Request: golang-github-templexxx-cpufeat - Implementation of internal/cpu in Go

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1503026



--- Comment #8 from Fedora Update System  ---
golang-github-templexxx-cpufeat-0-0.1.20170927.git3794dfb.fc26 has been pushed
to the Fedora 26 testing repository. If problems still persist, please make
note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here:
https://bodhi.fedoraproject.org/updates/FEDORA-2017-3dba4c14d1

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1499501] Review Request: gocomplete - A tool for bash writing bash completion in Go (Golang)

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1499501

Fedora Update System  changed:

   What|Removed |Added

 Status|CLOSED  |ON_QA
 Resolution|ERRATA  |---
   Keywords||Reopened



--- Comment #10 from Fedora Update System  ---
gocomplete-0-0.2.20170908git88e5976.fc26 has been pushed to the Fedora 26
testing repository. If problems still persist, please make note of it in this
bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here:
https://bodhi.fedoraproject.org/updates/FEDORA-2017-290e6893ec

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1468971] Review Request: freshmaker - A service scheduling rebuilds of artifacts as new content becomes available

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1468971

Fedora Update System  changed:

   What|Removed |Added

 Status|MODIFIED|ON_QA



--- Comment #14 from Fedora Update System  ---
freshmaker-0.0.6-1.el7 has been pushed to the Fedora EPEL 7 testing repository.
If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here:
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5980624af0

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1502091] Review Request: python-enlighten - Enlighten Progress Bar

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1502091



--- Comment #6 from Fedora Update System  ---
python-enlighten-1.0.6-1.el7 has been pushed to the Fedora EPEL 7 testing
repository. If problems still persist, please make note of it in this bug
report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here:
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-dba3a3a744

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1481046] Review Request: python-html5-parser - A fast, standards compliant, C based, HTML 5 parser for python

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1481046



--- Comment #10 from Raphael Groner  ---
(In reply to Kevin Fenzi from comment #9)
> So, I never got any replies on my post to the packaging list. ;( 
> 
> I can file a ticket, but now that I come back to it, I am not sure what the
> outstanding issue is here? Is "Provides: bundled(sigil-gumbo)" not
> right/good enough?

There's no package sigil-gumbo. So your suggestion is pointless.

My suggestion is explained in comment #6:
Provides: gumbo-parser-static

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1481046] Review Request: python-html5-parser - A fast, standards compliant, C based, HTML 5 parser for python

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1481046



--- Comment #9 from Kevin Fenzi  ---
So, I never got any replies on my post to the packaging list. ;( 

I can file a ticket, but now that I come back to it, I am not sure what the
outstanding issue is here? Is "Provides: bundled(sigil-gumbo)" not right/good
enough?

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1499560] Review Request: lxi-tools - Tools collection to control LXI enabled instruments

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1499560



--- Comment #15 from Fedora Update System  ---
lxi-tools-1.1-1.fc25 has been pushed to the Fedora 25 stable repository. If
problems still persist, please make note of it in this bug report.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1499559] Review Request: liblxi - Library with simple API for communication with LXI devices

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1499559



--- Comment #16 from Fedora Update System  ---
liblxi-1.0-2.fc25 has been pushed to the Fedora 25 stable repository. If
problems still persist, please make note of it in this bug report.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1476458] Review Request: paho-c - MQTT client library in C

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1476458



--- Comment #16 from Miroslav Suchý  ---
Can you please provide updated SRC.RPM? The latest I was able to find
 
https://copr-be.cloud.fedoraproject.org/results/orpiske/paho-testing/fedora-26-x86_64/00589833-paho-c/
contains different tar.gz file from the one located on the Source0 URL.
paho-c.src: W: file-size-mismatch v1.2.0.tar.gz = 441242,
https://github.com/eclipse/paho.mqtt.c/archive/v1.2.0.tar.gz = 431819


The description should be wrapped to 80 characters (you have 81).

paho-c.x86_64: W: shared-lib-calls-exit /usr/lib64/libpaho-mqtt3a.so.1.2.0
exit@GLIBC_2.2.5
paho-c.x86_64: W: shared-lib-calls-exit /usr/lib64/libpaho-mqtt3as.so.1.2.0
exit@GLIBC_2.2.5
paho-c.x86_64: W: shared-lib-calls-exit /usr/lib64/libpaho-mqtt3c.so.1.2.0
exit@GLIBC_2.2.5
paho-c.x86_64: W: shared-lib-calls-exit /usr/lib64/libpaho-mqtt3cs.so.1.2.0
exit@GLIBC_2.2.5
shared-lib-calls-exit:
This library package calls exit() or _exit(), probably in a non-fork()
context. Doing so from a library is strongly discouraged - when a library
function calls exit(), it prevents the calling program from handling the
error, reporting it to the user, closing files properly, and cleaning up any
state that the program has. It is preferred for the library to return an
actual error code and let the calling program decide how to handle the
situation.

You cannot do anything about it as just maintainer. But you should at least
file issue for upstream.

paho-c.x86_64: W: crypto-policy-non-compliance-openssl
/usr/lib64/libpaho-mqtt3as.so.1.2.0 SSL_CTX_set_cipher_list
paho-c.x86_64: W: crypto-policy-non-compliance-openssl
/usr/lib64/libpaho-mqtt3cs.so.1.2.0 SSL_CTX_set_cipher_list
Again. File issue to upstream:
https://fedoraproject.org/wiki/Packaging:CryptoPolicies

paho-c-devel.x86_64: W: no-manual-page-for-binary MQTTAsync_publish
paho-c-devel.x86_64: W: no-manual-page-for-binary MQTTAsync_subscribe 
paho-c-devel.x86_64: W: no-manual-page-for-binary MQTTClient_publish
paho-c-devel.x86_64: W: no-manual-page-for-binary MQTTClient_publish_async
paho-c-devel.x86_64: W: no-manual-page-for-binary MQTTClient_subscribe
paho-c-devel.x86_64: W: no-manual-page-for-binary MQTTVersion
paho-c-devel.x86_64: W: no-manual-page-for-binary paho_c_pub
paho-c-devel.x86_64: W: no-manual-page-for-binary paho_c_sub
paho-c-devel.x86_64: W: no-manual-page-for-binary paho_cs_pub
paho-c-devel.x86_64: W: no-manual-page-for-binary paho_cs_sub
This is not blocker for the review, but you should write man pages for those
binaries.

paho-c-devel-doc.noarch: E: standard-dir-owned-by-package /usr/share/doc
You should not own that directory. Instead of
  %{_datadir}/*
use
  %{_defaultdocdir}/*

Are you sure that main package should not contain any /usr/bin/SOMETHING? It
now contains only library. Then such package should be named libpaho-c.

I would highly recommend renaming `%package devel-doc` to just `%package doc`.
The doc subpackage for such packages is nearly always meant for developers.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1502091] Review Request: python-enlighten - Enlighten Progress Bar

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1502091

Fedora Update System  changed:

   What|Removed |Added

 Status|MODIFIED|ON_QA



--- Comment #5 from Fedora Update System  ---
python-enlighten-1.0.6-1.fc27 has been pushed to the Fedora 27 testing
repository. If problems still persist, please make note of it in this bug
report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here:
https://bodhi.fedoraproject.org/updates/FEDORA-2017-81868e4554

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1430135] Review Request: golang-github-jefferai-jsonx - Go (golang) library to transform JSON into JSONx

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1430135

Fedora Update System  changed:

   What|Removed |Added

 Status|MODIFIED|ON_QA



--- Comment #6 from Fedora Update System  ---
golang-github-jefferai-jsonx-0-0.1.20160722git9cc31c3.fc27 has been pushed to
the Fedora 27 testing repository. If problems still persist, please make note
of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here:
https://bodhi.fedoraproject.org/updates/FEDORA-2017-ab551d924f

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1503026] Review Request: golang-github-templexxx-cpufeat - Implementation of internal/cpu in Go

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1503026

Fedora Update System  changed:

   What|Removed |Added

 Status|MODIFIED|ON_QA



--- Comment #7 from Fedora Update System  ---
golang-github-templexxx-cpufeat-0-0.1.20170927.git3794dfb.fc27 has been pushed
to the Fedora 27 testing repository. If problems still persist, please make
note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here:
https://bodhi.fedoraproject.org/updates/FEDORA-2017-d9d91cd0eb

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1389311] Review Request: python-events - Bringing the elegance of C# EventHanlder to Python

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1389311

Fedora Update System  changed:

   What|Removed |Added

 Status|MODIFIED|ON_QA



--- Comment #8 from Fedora Update System  ---
python-events-0.2.1-1.fc27 has been pushed to the Fedora 27 testing repository.
If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here:
https://bodhi.fedoraproject.org/updates/FEDORA-2017-8fc9424a56

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1501002] Review Request: golang-github-pquerna-otp - TOTP Library for Go (Golang)

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1501002

Fedora Update System  changed:

   What|Removed |Added

 Status|MODIFIED|ON_QA



--- Comment #4 from Fedora Update System  ---
golang-github-pquerna-otp-1.0.0-1.fc27 has been pushed to the Fedora 27 testing
repository. If problems still persist, please make note of it in this bug
report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here:
https://bodhi.fedoraproject.org/updates/FEDORA-2017-99b9b0f37c

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1430147] Review Request: golang-github-mgutz-logxi - A 12-factor app logger built for performance and happy development

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1430147



--- Comment #13 from Fedora Update System  ---
golang-github-mgutz-logxi-1-1.fc26 has been pushed to the Fedora 26 stable
repository. If problems still persist, please make note of it in this bug
report.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1499560] Review Request: lxi-tools - Tools collection to control LXI enabled instruments

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1499560



--- Comment #14 from Fedora Update System  ---
lxi-tools-1.1-1.fc26 has been pushed to the Fedora 26 stable repository. If
problems still persist, please make note of it in this bug report.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1499559] Review Request: liblxi - Library with simple API for communication with LXI devices

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1499559



--- Comment #15 from Fedora Update System  ---
liblxi-1.0-2.fc26 has been pushed to the Fedora 26 stable repository. If
problems still persist, please make note of it in this bug report.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1503765] New: Review Request: icat - display images in terminal

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1503765

Bug ID: 1503765
   Summary: Review Request: icat - display images in terminal
   Product: Fedora
   Version: rawhide
 Component: Package Review
  Severity: medium
  Priority: medium
  Assignee: nob...@fedoraproject.org
  Reporter: fed...@svgames.pl
QA Contact: extras...@fedoraproject.org
CC: package-review@lists.fedoraproject.org



spec: https://svgames.pl/fedora/icat-0.4-2.spec
srpm: https://svgames.pl/fedora/icat-0.4-2.src.rpm
koji: https://koji.fedoraproject.org/koji/taskinfo?taskID=22527651

Description: icat outputs an image on a 256-color or 24-bit color enabled
terminals with UTF-8 locale, such as gnome-terminal, konsole or rxvt-unicode
(urxvt).

Fedora Account System Username: suve

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1503609] Review Request: argon2 - The password-hashing tools

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1503609

Fedora Update System  changed:

   What|Removed |Added

 Status|POST|MODIFIED



-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1503609] Review Request: argon2 - The password-hashing tools

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1503609



--- Comment #7 from Fedora Update System  ---
argon2-20161029-1.fc27 has been submitted as an update to Fedora 27.
https://bodhi.fedoraproject.org/updates/FEDORA-2017-f4a5530602

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1474033] Review Request: ucx - Communication library implementing high-performance messaging

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1474033



--- Comment #28 from Michal Schmidt  ---
Notes about the license of src/ucs/datastruct/sglib.h:

  This is SGLIB version 1.0.3

  (C) by Marian Vittek, Bratislava, http://www.xref-tech.com/sglib, 2003-5

  License Conditions: You can use a verbatim copy (including this
  copyright notice) of sglib freely in any project, commercial or not.
  You can also use derivative forms freely under terms of Open Source
  Software license or under terms of GNU Public License.  If you need
  to use a derivative form in a commercial project, or you need sglib
  under any other license conditions, contact the author.

The first two conditions are sufficient to make the license OK for Fedora.
Third condition is a bit confusing. I think the word "commercial" in there
stands for "not open source".
There is a clarification at http://sglib.sourceforge.net/#license :

  Basically, I only care that you do not remove the Copyright notice from
  the source code when using Sglib.

  More precisely: you can use Sglib or its derivative forms (under the
  condition that the Copyright notice is preserved) in any project, whether
  commercial or not, free of charges. In particular, you can use Sglib under
  the terms of any license defined as an open source license by the Open
  Source Initiative (see http://www.opensource.org/). This includes most
  common open source licenses such as the BSD license and GNU GPL.

  If you need to use sglib under any particular license conditions, contact
  the author.

OK, so it is a very permissive free software (meta-)license.

Also note that though the header says "version 1.0.3", the source file matches
version 1.0.4 as available from
https://sourceforge.net/projects/sglib/files/sglib/ (the sglib developer simply
forgot to bump the version in the comment).

You may as well add:
  Provides: bundled(sglib) = 1.0.4

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1431952] Review Request: modules-tcl - Native Tcl version of the Environment Modules system

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1431952

Xavier Delaruelle  changed:

   What|Removed |Added

 Status|ASSIGNED|CLOSED
 Resolution|--- |NEXTRELEASE
Last Closed||2017-10-18 11:29:27



--- Comment #7 from Xavier Delaruelle  ---
You are right, I close my request.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1411984] neofetch - a CLI system information tool written in Bash

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1411984



--- Comment #28 from Kees de Jong  ---
(In reply to Robert-André Mauchin from comment #27)
>  - I don't think you should be using Recommends for optional dependencies.
> Just use normal Requires to give all fonctionalities to the user.
> 
> Following https://github.com/dylanaraps/neofetch/wiki/Dependencies, we need:
> 
> Requires:   w3m-img
> Requires:   ImageMagick
> Requires:   feh
> Requires:   scrot
> Requires:   curl
> Requires:   coreutils
> Requires:   xwininfo
> Requires:   xprop
> Requires:   xrandr
> Requires:   bind-utils
> Requires:   pciutils
> 
> The gawk dependencies is only for iOS. xdotool is not necessary, the
> function is already covered by xwininfo + xprop or xwininfo + xdpyinfo
> provided by xorg-x11-utils
> 
>  + Use a simplified Source0:
> 
> Source0:   
> https://github.com/dylanaraps/%{name}/archive/%{version}/%{name}-%{version}.
> tar.gz


Those are listed as optional dependencies. The reason I choose weak
dependencies is because this is package will mostly will be used in a terminal.
Some other functionality need the optional dependencies. So if you're running a
bare install i.e. a server, then you won't be in favor (I guess) to install all
these extra stuff, you won't need on a system without a GUI.





An example on a fresh install of Fedora Server:
# dnf install /tmp/neofetch-3.3.0-1.fc26.noarch.rpm
Last metadata expiration check: 0:09:19 ago on wo 18 okt 2017 16:40:43 CEST.
Dependencies resolved.
==
 Package  Arch 
   Version   Repository
 Size
==
Installing:
 neofetch noarch   
   3.3.0-1.fc26  @commandline  
 95 k
Installing dependencies:
 ImageMagick-libs x86_64   
   6.9.9.15-1.fc26   updates   
2.2 M
 OpenEXR-libs x86_64   
   2.2.0-6.fc26  fedora
628 k
 compat-openssl10 x86_64   
   1:1.0.2j-9.fc26   updates   
1.1 M
 fftw-libs-double x86_64   
   3.3.5-4.fc26  fedora
980 k
 gdk-pixbuf2-xlib x86_64   
   2.36.9-1.fc26 updates   
 50 k
 ghostscript-core x86_64   
   9.20-10.fc26  fedora
4.5 M
 ghostscript-fontsnoarch   
   5.50-36.fc26  fedora
328 k
 gpm-libs x86_64   
   1.20.7-10.fc26fedora
 36 k
 graphite2x86_64   
   1.3.10-1.fc26 fedora
117 k
 harfbuzz x86_64   
   1.4.4-1.fc26  fedora
253 k
 ilmbase  x86_64   
   2.2.0-8.fc26  fedora
104 k
 jbigkit-libs x86_64   
   2.1-6.fc26fedora
 51 k
 lcms2x86_64   
   2.8-3.fc26fedora
158 k
 libICE   x86_64   
   1.0.9-9.fc26  fedora
 70 k
 libSMx86_64   
   1.2.2-5.fc26  

[Bug 1501500] Review Request: containerd - An industry-standard container runtime

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1501500



--- Comment #1 from Lokesh Mandvekar  ---
This is a review *template*. Besides handling the [ ]-marked tests you are
also supposed to fix the template before pasting into bugzilla:
- Add issues you find to the list of issues on top. If there isn't such
  a list, create one.
- Add your own remarks to the template checks.
- Add new lines marked [!] or [?] when you discover new things not
  listed by fedora-review.
- Change or remove any text in the template which is plain wrong. In this
  case you could also file a bug against fedora-review
- Remove the "[ ] Manual check required", you will not have any such lines
  in what you paste.
- Remove attachments which you deem not really useful (the rpmlint
  ones are mandatory, though)
- Remove this text



Package Review
==

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
[ ] = Manual review needed



= MUST items =

C/C++:
[ ]: Package does not contain kernel modules.
[ ]: Package contains no static executables.
[x]: Package does not contain any libtool archives (.la)
[x]: Rpath absent or only used for internal libs.

Generic:
[ ]: Package is licensed with an open-source compatible license and meets
 other legal requirements as defined in the legal section of Packaging
 Guidelines.
[ ]: License field in the package spec file matches the actual license.
 Note: Checking patched sources after %prep for licenses. Licenses
 found: "Apache (v2.0)", "CC by-sa (v4.0)", "*No copyright* BSD (2
 clause)", "Unknown or generated", "MIT/X11 (BSD like)", "ISC", "BSD (3
 clause)", "BSD (2 clause)", "do What The Fuck you want to Public
 License (v2)", "*No copyright* Apache (v2.0)". 1241 files have unknown
 license. Detailed output of licensecheck in
 /home/lsm5/reviews/1501500-containerd/licensecheck.txt
[ ]: Package requires other packages for directories it uses.
 Note: No known owner of /etc/containerd
[ ]: Package must own all directories that it creates.
 Note: Directories without known owners: /etc/containerd
[ ]: Package does not own files or directories owned by other packages.
 Note: Dirs in package are owned also by: /usr/lib/.build-id(iputils,
 gc, libtomcrypt, gdbm, gpgme, rpm-plugin-selinux, libnfsidmap, gdb-
 headless, trousers, bzip2-libs, unzip, libdb-utils, libcom_err,
 pycryptopp, libseccomp, gnutls, npth, p11-kit, libyaml, iptables-libs,
 rpm-build, device-mapper-persistent-data, cryptsetup-libs,
 python2-krbv, libselinux-utils, perl-Scalar-List-Utils, parted, zstd,
 mozjs17, libxslt, libpkgconf, libunistring, keyutils-libs, perl-
 Encode, elfutils, python2-cryptography, libgpg-error, lvm2-libs, perl-
 Digest-SHA, perl-Data-Dumper, gawk, python2-rpm, libbasicobjects,
 c-ares, python2-sqlalchemy, jansson, e2fsprogs-libs, apr,
 libsss_nss_idmap, deltarpm, file-libs, trousers-lib, libyubikey,
 python3-pycurl, zip, libnetfilter_conntrack, libtommath, libusbx,
 compat-openssl10, qrencode-libs, drpm, createrepo_c-libs, libtasn1,
 openssh, python3-dbus, sqlite, http-parser, tar, sudo, dhcp-client,
 libgomp, gcc, systemd-bootchart, dwz, python2-psutil, ebtables,
 libsmartcols, NetworkManager, pyliblzma, ncurses-libs, polkit, pigz,
 libpsl, python3-rpm, libini_config, openssh-clients, libuser, perl-
 libs, kbd, python3-cryptography, systemd, libacl, libnl3, libcap-ng,
 policycoreutils, libidn, grubby, lzo, libss, libbabeltrace, nspr,
 dbus, polkit-libs, perl-threads, perl-Params-Validate, libsss_certmap,
 python2-libcomps, rpm-plugin-systemd-inhibit, python2-pyyaml, audit-
 libs, nss-sysinit, python2-saslwrapper, libgcc, gettext-libs, p11-kit-
 trust, golang-github-cpuguy83-go-md2man, ykpers, python3-cffi, dbus-
 libs, libcrypt-nss, usermode, bash, glibc-common, linux-atm-libs,
 libedit, libidn2, python3-librepo, libuuid, subversion-libs, openssl,
 libarchive, isl, lvm2, libatomic_ops, xz, vim-minimal, NetworkManager-
 libnm, python2-libs, zeromq, groff-base, authconfig, libusb, dhcp-
 libs, python2-cccolutils, libtalloc, libldb, grep, guile, pcre-utf16,
 gnupg, cronie-anacron, libserf, xfsprogs, man-db, libcroco,
 python2-zmq, xz-libs, dbus-glib, timedatex, perl-Package-Stash-XS,
 skopeo, which, libcap, sssd-nfs-idmap, libdb, saslwrapper, passwd,
 kmod-libs, desktop-file-utils, cronie, rpm-libs, nettle, createrepo_c,
 fakeroot, python2-markupsafe, nss-tools, libpipeline, iproute,
 python2-gpg, findutils, popt, fakeroot-libs, libsss_idmap, gobject-
 introspection, libpwquality, krb5-workstation, python3-hawkey,
 iptables, iproute-tc, systemd-libs, cpio, lz4-libs, util-linux, patch,
 krb5-libs, sqlite-libs, enchant, pkgconf, pcre-cpp,
 python3-libselinux, rhash, sed, libipt, libsss_autofs, perl-threads-
 shared, libaio, kmod, nss-util, 

[Bug 1503609] Review Request: argon2 - The password-hashing tools

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1503609



--- Comment #6 from Gwyn Ciesla  ---
(fedrepo-req-admin):  The Pagure repository was created at
https://src.fedoraproject.org/rpms/argon2

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1503609] Review Request: argon2 - The password-hashing tools

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1503609



--- Comment #5 from Remi Collet  ---
Pagure ticket for new package

https://pagure.io/releng/fedora-scm-requests/issue/2324
https://pagure.io/releng/fedora-scm-requests/issue/2325

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1503609] Review Request: argon2 - The password-hashing tools

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1503609



--- Comment #4 from Remi Collet  ---
> Resulting packages argon2 and libargon2 needs to remove the following hidden 
> directory /usr/lib/.build-id

AFAIK, this is expected, for
https://gnu.wildebeest.org/blog/mjw/2017/06/30/fedora-rpm-debuginfo-improvements-for-rawhidef27/

btw, THANKS for the quick review

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1503609] Review Request: argon2 - The password-hashing tools

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1503609



--- Comment #3 from Haïkel Guémar  ---
Ok, seems that I was not aware of the latest debuginfo changes :)
Forget what I said, all is good!

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1503609] Review Request: argon2 - The password-hashing tools

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1503609

Haïkel Guémar  changed:

   What|Removed |Added

 Status|ASSIGNED|POST
  Flags|fedora-review?  |fedora-review+



--- Comment #2 from Haïkel Guémar  ---
Resulting packages argon2 and libargon2 needs to remove the following hidden
directory /usr/lib/.build-id

I trust you to do that small cleanup, so I approve this package into Fedora
Packages Collection as it
respects all the other criteria.

Package Review
==

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
[ ] = Manual review needed


= MUST items =

C/C++:
[x]: Package does not contain kernel modules.
[x]: Package contains no static executables.
[x]: ldconfig called in %post and %postun if required.
[x]: Package does not contain any libtool archives (.la)
[x]: Rpath absent or only used for internal libs.
[x]: Development (unversioned) .so files in -devel subpackage, if present.

Generic:
[x]: Package is licensed with an open-source compatible license and meets
 other legal requirements as defined in the legal section of Packaging
 Guidelines.
[x]: License field in the package spec file matches the actual license.
 Note: Checking patched sources after %prep for licenses. Licenses
 found: "CC0 (v1.0)", "Apache (v2.0) CC0 (v1.0)", "Unknown or
 generated". 42 files have unknown license. Detailed output of
 licensecheck in /home/hguemar/1503609-argon2/licensecheck.txt
[x]: License file installed when any subpackage combination is installed.
[x]: If the package is under multiple licenses, the licensing breakdown
 must be documented in the spec.
[!]: Package does not own files or directories owned by other packages.

[x]: %build honors applicable compiler flags or justifies otherwise.
[x]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[-]: Package contains desktop file if it is a GUI application.
[x]: Development files must be in a -devel package
[ ]: Package uses nothing in %doc for runtime.
[ ]: Package consistently uses macros (instead of hard-coded directory
 names).
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and
 Provides are present.
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[-]: Package contains systemd file(s) if in need.
[x]: Useful -debuginfo package or justification otherwise.
[x]: Package is not known to require an ExcludeArch tag.
[-]: Large documentation must go in a -doc subpackage. Large could be size
 (~1MB) or number of files.
 Note: Documentation size is 20480 bytes in 2 files.
[x]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least
 one supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
 Note: There are rpmlint messages (see attachment).
[x]: If (and only if) the source package includes the text of the
 license(s) in its own file, then that file, containing the text of the
 license(s) for the package is included in %license.
[x]: Package requires other packages for directories it uses.
[x]: Package must own all directories that it creates.
[x]: All build dependencies are listed in BuildRequires, except for any
 that are listed in the exceptions section of Packaging Guidelines.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
 beginning of %install.
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Dist tag is present.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package use %makeinstall only when make install DESTDIR=... doesn't
 work.
[x]: Package is named using only allowed ASCII characters.
[x]: Package does not use a name that already exists.
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as
 provided in the spec URL.
[x]: Spec file name must match the spec package %{name}, in the format
 %{name}.spec.
[x]: File names are valid UTF-8.
[x]: Packages must not store files under /srv, /opt or /usr/local

= SHOULD items =

Generic:
[-]: Uses parallel make %{?_smp_mflags} macro.
[x]: If the source package does not include license text(s) as a separate
 file from upstream, the packager SHOULD query upstream to include it.
[x]: Final provides and 

[Bug 1503609] Review Request: argon2 - The password-hashing tools

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1503609

Haïkel Guémar  changed:

   What|Removed |Added

 Status|NEW |ASSIGNED
 CC||karlthe...@gmail.com
   Assignee|nob...@fedoraproject.org|karlthe...@gmail.com
  Flags||fedora-review?



--- Comment #1 from Haïkel Guémar  ---
Spec URL: https://git.remirepo.net/cgit/rpms/lib/argon2.git/plain/argon2.spec
SRPM URL: http://rpms.remirepo.net/SRPMS/argon2-20161029-1.remi.src.rpm

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1501522] Review Request: fdk-aac - Third-Party Modified Version of the Fraunhofer FDK AAC Codec Library for Android

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1501522



--- Comment #33 from Wim Taymans  ---
I was thinking that we don't fork the GStreamer plugin but let it decide what
caps to advertise and support based on the fdk-aac implementation (we could ask
it to parse a config descriptor and see if it fails or not, for example). It
would need some plugin changes but that's not too complicated.

I guess for the codec installer we then need some way to install the other,
more complete, fdk-aac implementation, not sure how we can do that...

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1503609] New: Review Request: argon2 - The password-hashing tools

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1503609

Bug ID: 1503609
   Summary: Review Request: argon2 - The password-hashing tools
   Product: Fedora
   Version: rawhide
 Component: Package Review
  Severity: medium
  Priority: medium
  Assignee: nob...@fedoraproject.org
  Reporter: fed...@famillecollet.com
QA Contact: extras...@fedoraproject.org
CC: package-review@lists.fedoraproject.org



Spec URL:
https://git.remirepo.net/cgit/rpms/lib/argon2.git/plain/argon2.spec?id=69fc25a0f28cd826e364e0464e24d499c9a91755
SRPM URL: http://rpms.remirepo.net/SRPMS/argon2-20161029-1.remi.src.rpm
Description: 
Argon2 is a password-hashing function that summarizes the state of the art
in the design of memory-hard functions and can be used to hash passwords
for credential storage, key derivation, or other applications.

It has a simple design aimed at the highest memory filling rate and
effective use of multiple computing units, while still providing defense
against tradeoff attacks (by exploiting the cache and memory organization
of the recent processors).

Argon2 has three variants: Argon2i, Argon2d, and Argon2id.

* Argon2d is faster and uses data-depending memory access, which makes it
  highly resistant against GPU cracking attacks and suitable for applications
  with no threats from side-channel timing attacks (eg. cryptocurrencies). 
* Argon2i instead uses data-independent memory access, which is preferred for
  password hashing and password-based key derivation, but it is slower as it
  makes more passes over the memory to protect from tradeoff attacks.
* Argon2id is a hybrid of Argon2i and Argon2d, using a combination of
  data-depending and data-independent memory accesses, which gives some of
  Argon2i's resistance to side-channel cache timing attacks and much of
  Argon2d's resistance to GPU cracking attacks.


Fedora Account System Username: remi


--

Koji scratch build:
https://koji.fedoraproject.org/koji/taskinfo?taskID=22523416

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1488384] Review Request: stlink - STM32 discovery line Linux programmer

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1488384

Vasiliy Glazov  changed:

   What|Removed |Added

 Status|POST|CLOSED
 Resolution|--- |CURRENTRELEASE
Last Closed||2017-10-18 09:10:28



-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1500958] Review Request: python-kiwi-gtk - Framework for Python GUI applications

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1500958

Neal Gompa  changed:

   What|Removed |Added

 CC||karlthe...@gmail.com
  Flags||needinfo?(karlthered@gmail.
   ||com)



--- Comment #4 from Neal Gompa  ---
Any feedback?

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1431952] Review Request: modules-tcl - Native Tcl version of the Environment Modules system

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1431952



--- Comment #6 from Vít Ondruch  ---
This should be probably closed in the light of environment-modules 4.0.0 [1]
release ...

[1] https://modules.readthedocs.io/en/stable/NEWS.html#modules-4-0-0-2017-10-16

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1468971] Review Request: freshmaker - A service scheduling rebuilds of artifacts as new content becomes available

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1468971

Fedora Update System  changed:

   What|Removed |Added

 Status|ON_QA   |MODIFIED



-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1468971] Review Request: freshmaker - A service scheduling rebuilds of artifacts as new content becomes available

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1468971



--- Comment #13 from Fedora Update System  ---
freshmaker-0.0.6-1.el7 has been submitted as an update to Fedora EPEL 7.
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5980624af0

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1474033] Review Request: ucx - Communication library implementing high-performance messaging

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1474033



--- Comment #27 from Michal Schmidt  ---
A license check highlighted a file with an LGPL license header:
  ucx-1.2.2/src/ucm/ptmalloc283/sysdeps/generic/malloc-machine.h
Works under BSD and LGPL licenses can be combined without conflict, so the LGPL
is not a problem. Moreover, nothing from the ptmalloc283 directory is actually
used. The build is configured to link with a bundled ptmalloc286 instead:
  ucx-1.2.2/src/ucm/ptmalloc286/

Why does ucx bundle not just one, but two versions of ptmalloc?

ptmalloc is also the implementation of malloc used in glibc. Would it be
possible to just use glibc's malloc?

Please delete the unused version in the %prep step:
  rm -rf src/ucm/ptmalloc283/

If ptmalloc286 is there to stay, please add "Provides: bundled(ptmalloc) =
2.8.6" to the spec with an explanatory comment.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1503461] New: Review Request: xxhash - Extremely fast hash algorithm

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1503461

Bug ID: 1503461
   Summary: Review Request: xxhash - Extremely fast hash algorithm
   Product: Fedora
   Version: rawhide
 Component: Package Review
  Severity: medium
  Priority: medium
  Assignee: nob...@fedoraproject.org
  Reporter: mattias.ell...@physics.uu.se
QA Contact: extras...@fedoraproject.org
CC: package-review@lists.fedoraproject.org



Spec URL: http://www.grid.tsl.uu.se/review/xxhash.spec
SRPM URL: http://www.grid.tsl.uu.se/review/xxhash-0.6.3-1.fc28.src.rpm

Description:
xxHash is an Extremely fast Hash algorithm, running at RAM speed
limits. It successfully completes the SMHasher test suite which
evaluates collision, dispersion and randomness qualities of hash
functions. Code is highly portable, and hashes are identical on all
platforms (little / big endian).

Fedora Account System Username: ellert

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1476458] Review Request: paho-c - MQTT client library in C

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1476458



--- Comment #15 from Fabiano Fidêncio  ---
(In reply to Miroslav Suchý from comment #14)
> I am a sponsor and I can finish this review.

Okay, then we can continue the process with the package under Otavio.

Thanks for the help, Miroslav.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1476458] Review Request: paho-c - MQTT client library in C

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1476458

Miroslav Suchý  changed:

   What|Removed |Added

 CC||msu...@redhat.com
   Assignee|nob...@fedoraproject.org|msu...@redhat.com



--- Comment #14 from Miroslav Suchý  ---
I am a sponsor and I can finish this review.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org