[Bug 513239] Review Request: ansel - Full featured photo management application

Wed Aug 26 20:04:40 UTC 2009

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.

https://bugzilla.redhat.com/show_bug.cgi?id=513239

--- Comment #4 from Pavel Alexeev (aka Pahan-Hubbitus) <pahan at hubbitus.info>  2009-08-26 16:04:39 EDT ---
[-]  MUST: rpmlint must be run on every package. The output should be posted in
the review.
$ rpmlint *
ansel.noarch: W: conffile-without-noreplace-flag
/etc/horde/ansel/styles.php.dist
ansel.noarch: W: conffile-without-noreplace-flag
/etc/horde/ansel/hooks.php.dist
ansel.noarch: W: conffile-without-noreplace-flag /etc/horde/ansel/conf.xml
ansel.noarch: W: conffile-without-noreplace-flag
/etc/horde/ansel/prefs.php.dist
ansel.noarch: E: non-readable /etc/horde/ansel/styles.php.dist 0640
ansel.noarch: E: non-readable /etc/horde/ansel/hooks.php.dist 0640
ansel.noarch: E: non-readable /etc/horde/ansel/prefs.php 0660
ansel.noarch: E: non-readable /etc/horde/ansel/styles.php 0660
ansel.noarch: E: non-readable /etc/horde/ansel/conf.xml 0660
ansel.noarch: E: non-standard-dir-perm /etc/horde/ansel 0770
ansel.noarch: E: non-readable /etc/horde/ansel/prefs.php.dist 0640
ansel.noarch: E: non-readable /etc/horde/ansel/hooks.php 0660
2 packages and 1 specfiles checked; 8 errors, 4 warnings.

*.dist files as I understand is examples. So, it shouldn't be marked as config
and should be placed to docs.
Permissions also must be checked and fixed.

[+] MUST: The package must be named according to the Package Naming Guidelines
.
[+] MUST: The spec file name must match the base package %{name}, in the format
%{name}.spec unless your package has an exemption.
[+] MUST: The package must meet the Packaging Guidelines.
[+] MUST: The package must be licensed with a Fedora approved license and meet
the Licensing Guidelines .
[-] MUST: The License field in the package spec file must match the actual
license.

builder.js, editcaption.js, embed.js, imagefaces.js, slideshow.js,
slugcheck.js, tagactions.js, togglewidget.js have unknown license. I absolutely
don't known how it distributable. This require author clarification.

Package contain parts of Prototypejs (carousel.js):
1) It licensed under MIT, not GPLv2
2) Prototypejs should be packaged separately as it separate project with
offsite, upstream developer and etc. http://prototypejs.org. This pachage
should only require them.

Some files have reference to scriptaculous (which is under my review in that
moment - https://bugzilla.redhat.com/show_bug.cgi?id=455622). I think what
available must depend on it.

cropper.js - BSD License

lightbox.js - Creative Commons Attribution 2.5 License -
http://creativecommons.org/licenses/by/2.5/

[+] MUST: If (and only if) the source package includes the text of the
license(s) in its own file, then that file, containing the text of the
license(s) for the package must be included in %doc.
[+] MUST: The spec file must be written in American English.
[+] MUST: The spec file for the package MUST be legible.
[+] MUST: The sources used to build the package must match the upstream source,
as provided in the spec URL. Reviewers should use md5sum for this task. If no
upstream URL can be specified for this package, please see the Source URL
Guidelines for how to deal with this.
$ md5sum *.gz
a4bad0fba80ae7621ce7726b29b49966  ansel-h3-1.0_RPM.tar.gz
a4bad0fba80ae7621ce7726b29b49966  ansel-h3-1.0.tar.gz

[+] MUST: The package MUST successfully compile and build into binary rpms on
at least one primary architecture.
http://koji.fedoraproject.org/koji/taskinfo?taskID=1636407

[-] MUST: All build dependencies must be listed in BuildRequires, except for
any that are listed in the exceptions section of the Packaging Guidelines ;
inclusion of those as BuildRequires is optional. Apply common sense.
In spec you unconditional relay to %{_sysconfdir}/httpd/conf.d, so httpd then
must be required.
BUT, as I see in source, ansel provide also .conf file for lighttpd.
I think we may add Requires: webserver if add some magic to configure both (may
be you can even all available in Fedora? There plus boa)...

[-] MUST: The spec file MUST handle locales properly. This is done by using the
%find_lang macro. Using %{_datadir}/locale/* is strictly forbidden.
You explicit copy binary .mo files. This is not permitted:
1) Binary content prohibited and must be deleted in %prep -
https://fedoraproject.org/wiki/Packaging/Guidelines#No_inclusion_of_pre-built_binaries_or_libraries
2) Locale files must be generated from source (.po files also there). Otherwise
for what you add BuildRequires: gettext?
https://fedoraproject.org/wiki/Packaging/Guidelines#Handling_Locale_Files

[-] MUST: A package must own all directories that it creates. If it does not
create a directory that it uses, then it should require a package which does
create that directory.
See above about /etc/httpd

[+] MUST: A Fedora package must not list a file more than once in the spec
file's %files listings.
[-] MUST: Permissions on files must be set properly. Executables should be set
with executable permissions, for example. Every %files section must include a
%defattr(...) line.
See rpmling errors at begining.

[+] MUST: Each package must have a %clean section, which contains rm -rf
%{buildroot} (or $RPM_BUILD_ROOT).
[+] MUST: Each package must consistently use macros.
[+] MUST: Large documentation files must go in a -doc subpackage. (The
definition of large is left up to the packager's best judgement, but is not
restricted to size. Large can refer to either size or quantity).
[+] MUST: If a package includes something as %doc, it must not affect the
runtime of the application. To summarize: If it is in %doc, the program must
run properly if it is not present.
[=] MUST: Header files must be in a -devel package.
Please conside place JavaScript unstripped files (src) into -devel package (if
thay leaved thereaftere all issues with it). It is not requirement, just
suggestion.

[+] MUST: Packages must not own files or directories already owned by other
packages. The rule of thumb here is that the first package to be installed
should own the files or directories that other packages may rely upon. This
means, for example, that no package in Fedora should ever share ownership with
any of the files or directories owned by the filesystem or man package. If you
feel that you have a good reason to own a file or directory that another
package owns, then please present that at package review time.
[+] MUST: At the beginning of %install, each package MUST run rm -rf
%{buildroot} (or $RPM_BUILD_ROOT).
[+/-] MUST: All filenames in rpm packages must be valid UTF-8.
You should preserve timestamps when iconv files.
https://fedoraproject.org/wiki/Packaging/Guidelines#Timestamps

[+] SHOULD: The reviewer should test that the package builds in mock.
http://koji.fedoraproject.org/koji/taskinfo?taskID=1636407
[+] SHOULD: The package should compile and build into binary rpms on all
supported architectures.

[?] SHOULD: If scriptlets are used, those scriptlets must be sane. This is
vague, and left up to the reviewers judgement to determine sanity.
Do we try reload webserver after install/uninstall package? This is open
question - I don't known answer.

Additional thing - Until review started, and even by offsite screenshots I
don't understand what it is WEB-based gallery. May be we can add it info in
description?

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.