Sponsor and review request: opendap, librx

Ed Hill ed at eh3.com
Sat Apr 23 18:49:45 UTC 2005 

On Sat, 2005-04-23 at 10:05 -0500, Tom 'spot' Callaway wrote:
> Last two bits in the dependency chain for NCO: librx and opendap (also
> called "DODS").

Hi Tom,

Very nice!  A lot of progress in just a few days!  I'm really happy to
see all these things getting packaged for Fedora Extras.


> librx:
> URL: http://www.gnu.org/software/rx/rx.html
> SRPM: http://www.auroralinux.org/people/spot/review/librx-1.5-1.src.rpm

I'd like to sponsor rx.  Its small, everything appears to be in order,
and it works-for-me (builds, installs, etc.) on an updated devel system.


> opendap:
> SRPM:http://www.auroralinux.org/people/spot/review/opendap-3.4.4-1.src.rpm
> SPEC: http://www.auroralinux.org/people/spot/review/opendap.spec

I've read the entire spec file and can't find anything wrong with it.
But then, I'm not a experienced reviewer.  The build emitted warnings
about the redefinition of printf and related functions.  So I looked
into the source and found that opendap includes versions of the
following:

            included in OPeNDAP:   currently in devel:
  curl      7.12.0                 7.13.1
  libxml2   pre-2.5.7 (?)          2.6.19
  zlib      1.1.4                  1.2.2.2

which seems a little fishy.  I know that there have been past zlib
security patches:

  https://rhn.redhat.com/errata/RHSA-2003-081.html
  http://www.gzip.org/zlib/advisory-2002-03-11.txt

but perhaps the included 1.1.4 version is new enough that all known
problems are fixed.  And perhaps the versions of curl and libxml2 are
also sufficiently up-to-date.

In terms of both policy and practical considerations, is it OK to allow
packages (like OPeNDAP) to include their own versions of some libs?  Or
should we patch their build system(s) to use the versions provided by
the "official" RPMs?

Ed

-- 
Edward H. Hill III, PhD
office:  MIT Dept. of EAPS;  Rm 54-1424;  77 Massachusetts Ave.
             Cambridge, MA 02139-4307
emails:  eh3 at mit.edu                ed at eh3.com
URLs:    http://web.mit.edu/eh3/    http://eh3.com/
phone:   617-253-0098
fax:     617-253-4464

More information about the fedora-extras-list mailing list