[Bug 225659] Merge Review: cracklib

bugzilla at redhat.com bugzilla at redhat.com
Sun Feb 11 11:19:47 UTC 2007 

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: Merge Review: cracklib


https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=225659





------- Additional Comments From jspaleta at gmail.com  2007-02-11 06:19 EST -------
review checklist for cracklib 

Sumary NOT APPROVED. See the notes below for full details. Attached to this
report is a diff of the specfile which includes all of my suggested changes. 
The package owner should review the diff if there are items which can not be
incorporated, bring it up as a comment to this report for discussion. 

NOTE:
Not all the blockers have been address in the specfile diff. There are items
which the package owner must address which are not obvious specfile fixes.


+ GOOD   - BAD
+ rpmlint... see the notes at the end. I've rolled in changes into the spec from
the rpmlint log info
+ packagename is fine
+ specfile name is fine
+ license check 
Artistic , matches source license for SOURCE0, and LICENSE file included 
in %doc spec is english-ish
- md5sum check of sources
9a8c9eb26b48787c84024ac779f64bb2  cracklib-2.8.9.tar.gz from SOURCE0 URL
9a8c9eb26b48787c84024ac779f64bb2 
/home/jspaleta/rpmbuild/SOURCES/cracklib-2.8.9.tar.gz

md5sum check:
ASSurnames.gz: OK
cartoon.gz: OK
common-passwords.txt.gz: OK
Congress.gz: OK
cracklib-2.8.9.tar.gz: OK
cracklib-words.gz: FAILED
Domains.gz: OK
Dosref.gz: OK
etc-hosts.gz: OK
famous.gz: OK
fast-names.gz: OK
female-names.gz: OK
Ftpsites.gz: OK
Given-Names.gz: OK
Jargon.gz: OK
LCarrol.gz: OK
male-names.gz: OK
Movies.gz: OK
myths-legends.gz: OK
names.french.gz: OK
names.hp.gz: OK
other-names.gz: OK
Paradise.Lost.gz: OK
Python.gz: OK
sf.gz: OK
shakespeare.gz: OK
surnames.finnish.gz: OK
Trek.gz: OK

d18e670e5df560a8745e1b4dede8f84f  cracklib-words.gz from SOURCE1 URL
575a44add4db95b43c7abb46b307950f  /home/jspaleta/rpmbuild/SOURCES/cracklib-words.gz

+ mock build  as done by matt
http://linux.dell.com/files/fedora/FixBuildRequires/mock-results-core/i386/cracklib-2.8.9-8.src.rpm/result/
- buildrequires
removed gzip as exception provided by buildsys...fixed in specfile diff
+ shared libs exist and ldconfig is run in the correct script actions
+ not designed to be relocatable
+ no duplicates in the files section
+ file permissions look okay to me
- static libs are currently included in the -devel package.. 
this is a no no unless you have a good reason

+ docs section looks fine
- devel subpackage, includes .so and headerfiles... and a static .a which it
should not, unless it really really needs to.
+ no gui apps
+ no obvious duplicate file/directory ownership

BAD
*cracklib-words.gz included sources does NOT match upstream according to the
checksum. This is a little sticky, since the upstream file is not versioned nor
in a versioned directory. if upstream continues to update this file
its difficult to make a version comparison to some known state.

*pass-file.gz doesn't appear to have an upstream URL even though its listed as a
source, so there is no upstream to md5sum to check against.  If there is no
upstream for this file, this should be at least noted as a comment in the
specfile. I don't think this its super critical considering this is a dictionary
file and not the functional codebase itself... but it definitely should be noted
in the specfile that its an inhouse creation and why it was created.  This one I
can't fix in my specfile diff because I don't know why that file is there.

*gzip as a buildrequires, removed in specfile diff as a buildsys provided exception

* is there a compelling reason to include the static libcrack.a in the -devel
package? The guidelines frown very heavily on including static libraries, and
there needs to be a compelling reason to do so. Removed from the package in the
specfile diff

*cracklib-dicts needs cracklib because of the symlinks in /usr/sbin/
...fixed in specfile diff.

rpmlint log from dell
...reviewer comments inline

rpmlint on cracklib-2.8.9-8.i386.rpm
W: cracklib summary-ended-with-dot A password-checking library.
... fixed in specfile diff
E: cracklib tag-not-utf8 %changelog
... fixed in specfile diff
W: cracklib one-line-command-in-%trigger /sbin/ldconfig
... not sure about this one

rpmlint on cracklib-2.8.9-8.src.rpm
W: cracklib summary-ended-with-dot A password-checking library.
E: cracklib tag-not-utf8 %changelog
E: cracklib non-utf8-spec-file cracklib.spec
... fixed in specfile diff
W: cracklib mixed-use-of-spaces-and-tabs (spaces: line 102, tab: line 108)
... fixed in specfile diff

rpmlint on cracklib-devel-2.8.9-8.i386.rpm
W: cracklib-devel summary-ended-with-dot Development files needed for building
applications which use cracklib.
... fixed in diff
E: cracklib-devel tag-not-utf8 %changelog
W: cracklib-devel no-documentation
... bogus not important

rpmlint on cracklib-python-2.8.9-8.i386.rpm
W: cracklib-python summary-ended-with-dot Python bindings for applications which
use cracklib.
... fixed in diff
E: cracklib-python tag-not-utf8 %changelog
W: cracklib-python no-documentation

rpmlint on cracklib-dicts-2.8.9-8.i386.rpm
W: cracklib-dicts summary-ended-with-dot The standard CrackLib dictionaries.
... fixed in diff
E: cracklib-dicts tag-not-utf8 %changelog
E: cracklib-dicts only-non-binary-in-usr-lib
... bogus all the /usr/lib/ files are links back to /usr/share/
W: cracklib-dicts no-documentation
W: cracklib-dicts dangling-relative-symlink /usr/sbin/packer cracklib-packer
... bogus as long as cracklib is installed
W: cracklib-dicts dangling-relative-symlink /usr/sbin/mkdict cracklib-format
... bogus as long as cracklib is installed

-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

More information about the Fedora-package-review mailing list