[Bug 1062808] Review Request: cvechecker - Command-line utility to scan the system based on CVE data
https://bugzilla.redhat.com/show_bug.cgi?id=1062808 Zamir SUN changed: What|Removed |Added Status|ASSIGNED|CLOSED Resolution|--- |DUPLICATE Last Closed||2017-07-04 08:51:30 --- Comment #8 from Zamir SUN --- I'm closing this old request as duplicated of 1467651 per email suggestions https://lists.fedoraproject.org/archives/list/de...@lists.fedoraproject.org/thread/LRSRJOLLGLJB5OIE3ZBY3OK4JNBMLIQO/ *** This bug has been marked as a duplicate of bug 1467651 *** -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list -- package-review@lists.fedoraproject.org To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
[Bug 1062808] Review Request: cvechecker - Command-line utility to scan the system based on CVE data
https://bugzilla.redhat.com/show_bug.cgi?id=1062808 Zbigniew Jędrzejewski-Szmek changed: What|Removed |Added Flags|needinfo?(pa...@hubbitus.in | |fo) | -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list -- package-review@lists.fedoraproject.org To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
[Bug 1062808] Review Request: cvechecker - Command-line utility to scan the system based on CVE data
https://bugzilla.redhat.com/show_bug.cgi?id=1062808 Zamir SUN changed: What|Removed |Added CC||szts...@gmail.com Whiteboard|NotReady| Flags||needinfo?(pa...@hubbitus.in ||fo) --- Comment #7 from Zamir SUN --- @Pavel, since Christopher have not updated this for long, I'd like to restart the review with mine. Spec URL: https://zsun.fedorapeople.org/pub/pkgs/cvechecker/cvechecker.spec SRPM URL: https://zsun.fedorapeople.org/pub/pkgs/cvechecker/cvechecker-3.7-1.fc25.src.rpm Fedora Account System Username: zsun -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list -- package-review@lists.fedoraproject.org To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
[Bug 1062808] Review Request: cvechecker - Command-line utility to scan the system based on CVE data
https://bugzilla.redhat.com/show_bug.cgi?id=1062808 --- Comment #6 from Pavel Alexeev (aka Pahan-Hubbitus) --- Christopher are you willing continue at all?? -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-review
[Bug 1062808] Review Request: cvechecker - Command-line utility to scan the system based on CVE data
https://bugzilla.redhat.com/show_bug.cgi?id=1062808 Zbigniew Jędrzejewski-Szmek changed: What|Removed |Added CC||zbys...@in.waw.pl --- Comment #5 from Zbigniew Jędrzejewski-Szmek --- Ping? -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-review
[Bug 1062808] Review Request: cvechecker - Command-line utility to scan the system based on CVE data
https://bugzilla.redhat.com/show_bug.cgi?id=1062808 Eric Christensen changed: What|Removed |Added Keywords||SecurityTracking Red Hat Bugzilla changed: What|Removed |Added Doc Type|Bug Fix |Release Note -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-review
[Bug 1062808] Review Request: cvechecker - Command-line utility to scan the system based on CVE data
https://bugzilla.redhat.com/show_bug.cgi?id=1062808 --- Comment #4 from Christopher Meng --- (In reply to Murray McAllister from comment #3) > Hi Christopher, > > Do you need any assistance from the Red Hat Security Response team regarding > this package? > > Thanks, > > -- > Murray McAllister / Red Hat Security Response Team Aha finally attract a people from SRT ;) I don't think this package has too many issues, but if you are willing to help, I think you can help test this package when it's in updates-testing, OK? -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-review
[Bug 1062808] Review Request: cvechecker - Command-line utility to scan the system based on CVE data
https://bugzilla.redhat.com/show_bug.cgi?id=1062808 Murray McAllister changed: What|Removed |Added CC||mmcal...@redhat.com --- Comment #3 from Murray McAllister --- Hi Christopher, Do you need any assistance from the Red Hat Security Response team regarding this package? Thanks, -- Murray McAllister / Red Hat Security Response Team -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-review
[Bug 1062808] Review Request: cvechecker - Command-line utility to scan the system based on CVE data
https://bugzilla.redhat.com/show_bug.cgi?id=1062808 Christopher Meng changed: What|Removed |Added Whiteboard||NotReady --- Comment #2 from Christopher Meng --- Waiting for upstream's reply. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-review
[Bug 1062808] Review Request: cvechecker - Command-line utility to scan the system based on CVE data
https://bugzilla.redhat.com/show_bug.cgi?id=1062808
--- Comment #1 from Pavel Alexeev (aka Pahan-Hubbitus) ---
Package Review
==
Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
Issues:
===
1) Package installs properly.
Note: Installation errors (see attachment)
See: https://fedoraproject.org/wiki/Packaging:Guidelines
Requires xsltproc wrong and not found in Fedora 20 and rawhide repos
You should instead require libxslt (prefferable) or direct file
/usr/bin/xsltproc from it
2) GPL licens is incorrect: https://fedoraproject.org/wiki/Licensing:Main
According to site https://sourceforge.net/projects/cvechecker/ it should be
GPLv3 but I'm strictly engourage you to clarify it from author. Also ask them
put correct not empty COPYING file in tarball.
3) Rpmlint also said about it among others:
Checking: cvechecker-3.5-1.fc20.x86_64.rpm
cvechecker-3.5-1.fc20.src.rpm
cvechecker.x86_64: W: invalid-license GPL
cvechecker.x86_64: E: zero-length /usr/share/doc/cvechecker/COPYING
cvechecker.src: W: invalid-license GPL
cvechecker.src:1: W: mixed-use-of-spaces-and-tabs (spaces: line 1, tab: line 1)
2 packages and 0 specfiles checked; 1 errors, 3 warnings.
4) In %check
make %{?_smp_mflags} check
should be, of comment about justification why parallel make can't be used.
4) userguide.xml recommend use separate group and user. It is on you choose
but please consider.
5) For what installed userguide.xml? Shouldn't be it converted into something
like html?
6) [-]: Requires correct, justified where necessary.
gawk requires missing, binarie used in scripts cvereport, cvegenversdat,
pullcves (also present file /usr/share/cvechecker/csv2xml.awk)
7) Package functions as described.
(after remove requires xsltproc see before)
$ cvechecker -i
Can't open database /var/cvechecker/local/main.db: unable to open database file
So config should be changed to point on something like
/var/run/cvechecker/main.db, and that ghost file with dir included.
= MUST items =
C/C++:
[x]: Package does not contain kernel modules.
[x]: Package contains no static executables.
[x]: Package does not contain any libtool archives (.la)
[x]: Rpath absent or only used for internal libs.
Generic:
[x]: Package is licensed with an open-source compatible license and meets
other legal requirements as defined in the legal section of Packaging
Guidelines.
[!]: License field in the package spec file matches the actual license.
Note: Checking patched sources after %prep for licenses. Licenses found:
"Unknown or generated".
Noone file contain license string.
According to site https://sourceforge.net/projects/cvechecker/ it should be
GPLv3 but I'm strictly engourage you to clarify it from author. Also ask them
put correct not empty COPYING file in tarball.
[x]: %build honors applicable compiler flags or justifies otherwise.
[x]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[-]: Package contains desktop file if it is a GUI application.
[-]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[!]: Package consistently uses macros (instead of hard-coded directory names).
In %check
make %{?_smp_mflags} check
should be, of comment about justification why parrallel make can't be used.
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and
Provides are present.
[-]: Requires correct, justified where necessary.
gawk requires missing, binarie used in scripts cvereport, cvegenversdat,
pullcves (also present file /usr/share/cvechecker/csv2xml.awk)
[x]: Spec file is legible and written in American English.
[-]: Package contains systemd file(s) if in need.
[-]: Useful -debuginfo package or justification otherwise.
[-]: Package is not known to require an ExcludeArch tag.
Note: Test run failed
[x]: Large documentation must go in a -doc subpackage. Large could be size
(~1MB) or number of files.
Note: Test run failed
[x]: Packages must not store files under /srv, /opt or /usr/local
Note: Test run failed
[+/-]: Package complies to the Packaging Guidelines
Mostly. See other notes.
[x]: Package successfully compiles and builds into binary rpms on at least one
supported primary architecture.
[x]: Rpmlint is run on all rpms the build produces.
Note: There are rpmlint messages (see attachment).
[x]: If (and only if) the source package includes the text of the license(s)
in its own file, then that file, containing the text of the license(s)
for the package is included in %doc.
[x]: Package requires other packages for directories it uses.
[x]: Package must own all directories that it creates.
[x]: Package does not o
[Bug 1062808] Review Request: cvechecker - Command-line utility to scan the system based on CVE data
https://bugzilla.redhat.com/show_bug.cgi?id=1062808 Pavel Alexeev (aka Pahan-Hubbitus) changed: What|Removed |Added Status|NEW |ASSIGNED -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-review
[Bug 1062808] Review Request: cvechecker - Command-line utility to scan the system based on CVE data
https://bugzilla.redhat.com/show_bug.cgi?id=1062808 Pavel Alexeev (aka Pahan-Hubbitus) changed: What|Removed |Added CC||pa...@hubbitus.info Assignee|nob...@fedoraproject.org|pa...@hubbitus.info Flags||fedora-review? -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-review
[Bug 1062808] Review Request: cvechecker - Command-line utility to scan the system based on CVE data
https://bugzilla.redhat.com/show_bug.cgi?id=1062808 Christopher Meng changed: What|Removed |Added Alias||cvechecker -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-review
[Bug 1062808] Review Request: cvechecker - Command-line utility to scan the system based on CVE data
https://bugzilla.redhat.com/show_bug.cgi?id=1062808 Christopher Meng changed: What|Removed |Added Blocks||563471 (FE-SECLAB) Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=563471 [Bug 563471] Tracker: Review Requests for Fedora Security Lab related packages -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component ___ package-review mailing list package-review@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-review
