[Bug 232719] maven2-2.0.4-10jpp.3 - Java project management and project comprehension tool

bugzilla at redhat.com bugzilla at redhat.com
Sat Mar 17 00:32:44 UTC 2007 

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: maven2-2.0.4-10jpp.3 - Java project management and project comprehension tool


https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=232719





------- Additional Comments From mwringe at redhat.com  2007-03-16 20:32 EST -------
MUST:
* package is named appropriately
 - match upstream tarball or project name
OK, upstream just calls it Maven, but this pacakge needs to be named differently
due to it being incompatible with the older maven1 project.
 - try to match previous incarnations in other distributions/packagers for
consistency
OK
 - specfile should be %{name}.spec
OK
 - non-numeric characters should only be used in Release (ie. cvs or
   something)
 - for non-numerics (pre-release, CVS snapshots, etc.), see
   http://fedoraproject.org/wiki/Packaging/NamingGuidelines#PackageRelease
 - if case sensitivity is requested by upstream or you feel it should be
   not just lowercase, do so; otherwise, use all lower case for the name
* is it legal for Fedora to distribute this?
 - OSI-approved
OK, license is Apache
 - not a kernel module
OK
 - not shareware
OK
 - is it covered by patents?
Not that I am aware of
 - it *probably* shouldn't be an emulator
OK
 - no binary firmware
OK

* license field matches the actual license.
OK, it appears that all the sources are Apache licensed
* license is open source-compatible.
 - use acronyms for licences where common
* specfile name matches %{name}
OK
* verify source and patches (md5sum matches upstream, know what the patches do)
 - if upstream doesn't release source drops, put *clear* instructions on
   how to generate the the source drop; ie. 
  # svn export blah/tag blah
  # tar cjf blah-version-src.tar.bz2 blah
X no instructions on how to recreate m2_jar_repo.tar.gz
X no instructions on how to recreate m2_jar_repo.tar.gz

* skim the summary and description for typos, etc.
OK
* correct buildroot
 - should be:
   %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
OK
* if %{?dist} is used, it should be in that form (note the ? and %
locations)
OK
* license text included in package and marked with %doc
X license missing from packages: maven2 and the plugin packages
 
* keep old changelog entries; use judgement when removing (too old?
useless?)
OK

* packages meets FHS (http://www.pathname.com/fhs/)
OK, they seem to put everything in the right places
* rpmlint on <this package>.srpm gives no output

rpmlint maven2-2.0.4-10jpp.3.src.rpm
W: maven2 non-standard-group Development/Build Tools
OK.The group warning can be ignored

* changelog should be in the proper format
OK

* Packager, Vendor, and Distribution tags should not be used
OK
* use License and not Copyright 
OK
* Summary tag should not end in a period
OK
* if possible, replace PreReq with Requires(pre) and/or Requires(post)
OK
* specfile is legible
OK. For the length and complexity, it is very well laid out

* package successfully compiles and builds on at least x86

* BuildRequires are proper
 - builds in mock will flush out problems here
OK, builds in mock
 - the following packages don't need to be listed in BuildRequires:
   bash
   bzip2
   coreutils
   cpio
   diffutils
   fedora-release (and/or redhat-release)
   gcc
   gcc-c++
   gzip
   make
   patch
   perl
   redhat-rpm-config
   rpm-build
   sed
   tar
   unzip
   which
OK
* summary should be a short and concise description of the package
OK
* description expands upon summary (don't include installation
instructions)
X the main package's description does, but the plugins description is just the
summary.

* make sure description lines are <= 80 characters
OK
* specfile written in American English
OK
* make a -doc sub-package if necessary
 - see
  
http://fedoraproject.org/wiki/Packaging/Guidelines#head-9bbfa57478f0460c6160947a6bf795249488182b
OK, javadoc and manual subprojects for main maven2 package. Should there be
javadocs for the plugins?
* packages including libraries should exclude static libraries if possible
* don't use rpath
OK
* config files should usually be marked with %config(noreplace)
X Doesn't maven2 have any config files?

* GUI apps should contain .desktop files
OK, not a GUI app
* should the package contain a -devel sub-package?
OK, I don't think it should have one
* use macros appropriately and consistently
 - ie. %{buildroot} and %{optflags} vs. $RPM_BUILD_ROOT and $RPM_OPT_FLAGS
OK
* don't use %makeinstall
OK
* locale data handling correct (find_lang)
 - if translations included, add BR: gettext and use %find_lang %{name} at the
   end of %install
* consider using cp -p to preserve timestamps
X the -p is not used anywhere in %prep section

* split Requires(pre,post) into two separate lines
OK
* package should probably not be relocatable
OK
* package contains code
 - see http://fedoraproject.org/wiki/Packaging/Guidelines#CodeVsContent
 - in general, there should be no offensive content
OK
* package should own all directories and files
* there should be no %files duplicates
* file permissions should be okay; %defattrs should be present
OK
* %clean should be present
OK
* %doc files should not affect runtime
* if it is a web apps, it should be in /usr/share/%{name} and *not* /var/www
* verify the final provides and requires of the binary RPMs
* run rpmlint on the binary RPMs

maven2-2.0.4-10jpp.3.fc7.x86_64.rpm
W: maven2 non-standard-group Development/Build Tools
Ok, can ignore group warnings

W: maven2 incoherent-version-in-changelog 2.0.4-10jpp.3 0:2.0.4-10jpp.3.fc7
X is this caused by the epoch or the dist?

W: maven2 no-documentation
X Shouldn't there be at least some licensing documentation?

W: maven2 dangling-symlink /usr/share/java/maven2/plugins /usr/share/maven2/plugins
W: maven2 symlink-should-be-relative /usr/share/java/maven2/plugins
/usr/share/maven2/plugins
W: maven2 dangling-symlink /usr/share/maven2/repository/JPP /usr/share/java
W: maven2 symlink-should-be-relative /usr/share/maven2/repository/JPP
/usr/share/java
W: maven2 symlink-should-be-relative /usr/share/java/maven2/poms
/usr/share/maven2/poms
X Can the above symlinks be fixed?

W: maven2 non-conffile-in-etc /etc/maven/fragments/maven2
X this should be marked as a conf file (%conf)

W: maven2 dangerous-command-in-%preun rm
X can this command be removed?

W: maven2 uncompressed-zip /usr/share/java/maven2/empty-dep.jar
I would say this is safe to ignore

maven2-debuginfo-2.0.4-10jpp.3.fc7.x86_64.rpm

maven2-javadoc-2.0.4-10jpp.3.fc7.x86_64.rpm
W: maven2-javadoc non-standard-group Development/Documentation
OK, group warnings can be ignored

maven2-manual-2.0.4-10jpp.3.fc7.x86_64.rpm
W: maven2-manual non-standard-group Development/Documentation
OK, group warnings can be ignored

Due to the large size of the rpmlint output, I will be attaching as a separate
file for the plugins.

Notes of interest:
- the groups warnings can be ignored
- Shouldn't these plugins have license docs somewhere?

SHOULD:
* package should include license text in the package and mark it with %doc
X licenses missing from file set
* package should build on i386
OK
* package should build in mock
OK


-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

More information about the Fedora-package-review mailing list