https://bugzilla.redhat.com/show_bug.cgi?id=2428704
--- Comment #13 from Fabio Valentini <[email protected]> --- Points 1. and 2. above should be addressed. > 3. Bundled JavaScript libraries and CSS in the "goose-mcp" crate > > There's some amount of bundled pre-minified JavaScript libraries (without > associated license texts) included at > crates/goose-mcp/autovisualizer/templates/assets/. > > You will need to declare them as bundled dependencies (i.e. "Provides: > bundled(...)") and include their licenses in the package's License tag, and / > or poke goose upstream to include their respective license texts (most > licenses require this): > > - chart.js v4.5.0: MIT > - d3.js v7.9.0: ISC > - d3-sankey v0.12.3: BSD-3-Clause > - leaflet.js v1.9.4: BSD-2-Clause > - leaflet/markercluster plugin: MIT > - mermaid.js: MIT It appears that point 3. was not addressed. Points 4., 5. and 6. look like they have have been addressed. Point 7. (license tags) has potential problems: > # Goose source license > SourceLicense: Apache-2.0 This is not really correct. The "goose"s ources contain not only Apache-2.0 licensed content, but loads of bundled stuff (audio, video, image content, JavaScript libraries, etc.) - and technically the "SourceLicense" tag would also cover the vendor tarball. At this point I think it is safer to drop the "SourceLicense" tag and just leave a comment explaining which licenses apply to what from the "goose" repository. It also looks like you dropped the comments containing the output of the "license summary" macro from the spec file, and only left the resulting "License" tag. Having the "raw" output makes it easier to "diff" when packaging a new version, so I would recommend to keep it. Additionally, the contents of the "License" tag as present in the spec file in the latest version don't match what *should* be there. For example, a spot check shows me nothing that is licensed "MPL-2.0+" in the package, so I cannot explain where that term from the License tag comes from. Why does this keep happening? Point 8. looks like it was addressed. Point 9. was not addressed. In fact, the indentation is now inconsistent all over the place. Point 10. was more of a comment, looks like you have written some bash helpers to deal with this more easily in the future. :thumbsup: Point 11. and 12. were addressed. Point 13. was not: This is now inconsistent between %build and %check. And why is "export ZSTD_SYS_USE_PKG_CONFIG=1" commented out? ================================================================================ Some more additional notes from the latest version: 14. Some comments say "this can be generated in two (three) ways" - it looks like this is meant to say "steps" instead? 15. It is unclear to be what kind of "versioning scheme" you are trying to attribute to the bundled Sublime Text syntax grammars / highlighting themes / bundled JavaScript libraries. I'm not sure what "4075~gitfa6b862" is supposed to mean, and the same applies to the JavaScript libraries - looking at the headers of those files, they don't look like git snapshots, they're tagged versions. I would recommend to either 1) drop the snapshot ~git.... suffix where it is not applicable, or 2) drop the version string entirely when you can't attribute a specific version. 16. The syntax you use for skipping tests is wrong and results in 0 tests being run.. It should be "%{shrink:" (note the ":" character). In the latest version, this causes wrong / no escaping to happen for the RPM macro arguments, which results in RPM treating it as one large string, and cargo running 0 tests because nothing matches that one long string. And I'm now also wondering if you're using some kind of AI assistance to address my feedback, because similar mistakes keep happening between revisions :( -- You are receiving this mail because: You are always notified about changes to this product and component You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2428704 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-spam&short_desc=Report%20of%20Bug%202428704%23c13 -- _______________________________________________ package-review mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
