Orcan Ogetbil wrote: > What is the status of this project? Did anyone started out writing some code? I want to contribute to this. Is there a webpage? > > My opinion on this idea is, we should first write a script that displays 3 different kind of outputs: > > 1- Pure automatic checks: sha1sums, %files etc. -> Display results I agree with the three broad categories that you have but please remember that sha1sums are only a semi-automatic check. sha1sums of the included tarball can be run against the source URLs listed in the spec file but those Source URLs must be checked by a human. A computer will gloss over:: Source0: http://crackz.com/foo.tar.gz but a human can check via google, mailing lists, and other distros to see that the Source url is canonical. > 2- Semi-automatic checks: For instance, the script will check for static libraries in the build. -> Display results (If there are static libraries then it will warn the reviewer so he can check for the necessity of them.) > 3- Purely manual checks: Not everything in the guidelines is easy to implement. Hence after the script is done, it will tell the reviewer what else needs to be checked manually. > > As time goes more features can be implemented and more items from 3 can be shifted into 1 or 2. We will need to build a powerful parser. I think some code can be borrowed from rpmlint. > -Toshio
Attachment:
signature.asc
Description: OpenPGP digital signature