| Summary: | Review request: man-pages-posix - POSIX interface documentation | ||
|---|---|---|---|
| Product: | Package Reviews | Reporter: | Christoph Erhardt <fedora> |
| Component: | Review Request | Assignee: | Michael Cronenworth <mike> |
| Status: | RESOLVED FIXED | ||
| Severity: | enhancement | CC: | ferdnyc, gary.buhrmaster, i.ucar86, kevin.kofler, leigh123linux, petr.tuma, rpmfusion-package-review, susi.lehtola |
| Priority: | P1 | Flags: | mike:
fedora-review+
|
| Version: | Current | ||
| Hardware: | All | ||
| OS: | GNU/Linux | ||
| namespace: | nonfree | ||
|
Description
Christoph Erhardt
2022-08-23 23:47:23 CEST
>I do, however, officially maintain a small number of packages in the Fedora
So I've sponsored you in rpmfusion packager group.
Please do exchange review (like with fedora).
note: any fedora reviewer can do review (but they need to create an account).
Thanks
Why is this RPMFusion material? The license appears to be OK in Fedora https://docs.fedoraproject.org/en-US/legal/allowed-licenses/ so the package should be reviewed in Fedora proper. (In reply to Susi Lehtola from comment #2) > Why is this RPMFusion material? The license appears to be OK in Fedora > > https://docs.fedoraproject.org/en-US/legal/allowed-licenses/ > > so the package should be reviewed in Fedora proper. See the BZ #2116859 cited above. The package was dropped very recently from Fedora because it contains the license LicenseRef-IEEE-2017, which apparently is not allowed by legal (the docs list LicenseRef-IEEE which is != LicenseRef-IEEE-2017). In fact LicenseRef-IEEE-2017 is now explicitly listed (though devoid of any explanatory detail or justification) here: https://docs.fedoraproject.org/en-US/legal/not-allowed-licenses/ (In reply to FeRD (Frank Dana) from comment #4) > In fact LicenseRef-IEEE-2017 is now explicitly listed (though devoid of > any explanatory detail or justification) here: > > https://docs.fedoraproject.org/en-US/legal/not-allowed-licenses/ I have not looked closely at the issue, but my recollection was that the revised IEEE-2017 license no longer explicitly permitted redistribution as it did before (triggering the not-allowed status). I would agree that a annotation stating the reason for not being allowed should exist on the docs pages, and you should probably open that as an issue with Fedora. Given that the posix man pages are currently distributed in a number of Linux variants, I would like to think that it would be possible to convince IEEE to revise the license to allow redistribution as it did before, but that may require some concerted action across distros with IEEE. Compare the old license text: https://fedoraproject.org/wiki/Licensing:IEEEDocLicense with the new one: https://gitlab.com/fedora/legal/fedora-license-data/-/blob/main/data/LicenseRef-IEEE-2017.toml This whole paragraph was dropped: > Redistribution of this material is permitted so long as this notice and > the corresponding notices within each POSIX manual page are retained on > any distribution, and the nroff source is included. Modifications to > the text are permitted so long as any conflicts with the standard > are clearly marked as such in the text. So not only the permission to redistribute is missing (which makes it unclear to me whether this can even be redistributed in RPM Fusion at all – "This notice shall appear on any product containing this material." appears to imply that it is allowed to create a "product containing this material", but there is nothing explicitly allowing it), but also the permission to modify the text, which makes it non-Free and is unacceptable for a technical documentation in a Free Software distribution (but would qualify for RPM Fusion nonfree if the redistribution issue can be cleared up). Hi Christoph, If you agree to review swap with me I'll review this. Please review this in return: https://bugzilla.rpmfusion.org/show_bug.cgi?id=6335 Package Review ============== Legend: [x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated [ ] = Manual review needed Issues: ======= - If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %license. Note: License file POSIX-COPYRIGHT is not marked as %license See: https://docs.fedoraproject.org/en-US/packaging- guidelines/LicensingGuidelines/#_license_text Fix this by using a '%license POSIX-COPYRIGHT' line and removing the file from %docs. - License is known to be a non-free type, but I think the non-free repo will accept it. - License field must take SPDX form. It is a recent Fedora requirement. My Jellyfin package is also missing it so feel free to fail me for it. Your license should be 'LicenseRef-IEEE-2017' instead of just IEEE. - Suggestion: Switch from %setup to %autosetup - not a requirement though. ===== MUST items ===== Generic: [!]: Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines. [!]: License field in the package spec file matches the actual license. Note: Checking patched sources after %prep for licenses. Licenses found: "Unknown or generated". 1133 files have unknown license. Detailed output of licensecheck in /home/michael/Projects/rpmfusion/review/review-man-pages- posix/licensecheck.txt [x]: Package contains no bundled libraries without FPC exception. [x]: Changelog in prescribed format. [x]: Sources contain only permissible code or content. [-]: Package contains desktop file if it is a GUI application. [-]: Development files must be in a -devel package [x]: Package uses nothing in %doc for runtime. [x]: Package consistently uses macros (instead of hard-coded directory names). [x]: Package is named according to the Package Naming Guidelines. [x]: Package does not generate any conflict. [x]: Package obeys FHS, except libexecdir and /usr/target. [-]: If the package is a rename of another package, proper Obsoletes and Provides are present. [x]: Requires correct, justified where necessary. [x]: Spec file is legible and written in American English. [-]: Package contains systemd file(s) if in need. [x]: Package is not known to require an ExcludeArch tag. [-]: Large documentation must go in a -doc subpackage. Large could be size (~1MB) or number of files. Note: Documentation size is 10240 bytes in 3 files. [x]: Package complies to the Packaging Guidelines [x]: Package successfully compiles and builds into binary rpms on at least one supported primary architecture. [x]: Package installs properly. [x]: Rpmlint is run on all rpms the build produces. Note: There are rpmlint messages (see attachment). [x]: Package requires other packages for directories it uses. [x]: Package must own all directories that it creates. [x]: Package does not own files or directories owned by other packages. [x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT [x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the beginning of %install. [x]: Macros in Summary, %description expandable at SRPM build time. [x]: Dist tag is present. [x]: Package does not contain duplicates in %files. [x]: Permissions on files are set properly. [x]: Package must not depend on deprecated() packages. [x]: Package use %makeinstall only when make install DESTDIR=... doesn't work. [x]: Package is named using only allowed ASCII characters. [x]: Package does not use a name that already exists. [x]: Package is not relocatable. [x]: Sources used to build the package match the upstream source, as provided in the spec URL. [x]: Spec file name must match the spec package %{name}, in the format %{name}.spec. [x]: File names are valid UTF-8. [x]: Packages must not store files under /srv, /opt or /usr/local ===== SHOULD items ===== Generic: [x]: If the source package does not include license text(s) as a separate file from upstream, the packager SHOULD query upstream to include it. [x]: Final provides and requires are sane (see attachments). [x]: Package functions as described. [x]: Latest version is packaged. [x]: Package does not include license text files separate from upstream. [-]: Sources are verified with gpgverify first in %prep if upstream publishes signatures. Note: gpgverify is not used. [-]: Package should compile and build into binary rpms on all supported architectures. [-]: %check is present and all tests pass. [x]: Packages should try to preserve timestamps of original installed files. [x]: Reviewer should test that the package builds in mock. [x]: Buildroot is not present [x]: Package has no %clean section with rm -rf %{buildroot} (or $RPM_BUILD_ROOT) [x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin. [x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file [x]: Sources can be downloaded from URI in Source: tag [x]: SourceX is a working URL. [x]: Spec use %global instead of %define unless justified. ===== EXTRA items ===== Generic: [x]: Rpmlint is run on all installed packages. Note: There are rpmlint messages (see attachment). [x]: Spec file according to URL is the same as in SRPM. Rpmlint ------- Cannot parse rpmlint output: Rpmlint (installed packages) ---------------------------- ============================ rpmlint session starts ============================ rpmlint: 2.2.0 configuration: /usr/lib/python3.11/site-packages/rpmlint/configdefaults.toml /etc/xdg/rpmlint/fedora.toml /etc/xdg/rpmlint/licenses.toml /etc/xdg/rpmlint/scoring.toml /etc/xdg/rpmlint/users-groups.toml /etc/xdg/rpmlint/warn-on-functions.toml checks: 32, packages: 1 man-pages-posix.noarch: W: package-with-huge-docs: 100% 1 packages and 0 specfiles checked; 0 errors, 1 warnings, 0 badness; has taken 0.2 s Source checksums ---------------- https://www.kernel.org/pub/linux/docs/man-pages/man-pages-posix/man-pages-posix-2017-a.tar.xz : CHECKSUM(SHA256) this package : ce67bb25b5048b20dad772e405a83f4bc70faf051afa289361c81f9660318bc3 CHECKSUM(SHA256) upstream package : ce67bb25b5048b20dad772e405a83f4bc70faf051afa289361c81f9660318bc3 Requires -------- man-pages-posix (rpmlib, GLIBC filtered): Provides -------- man-pages-posix: man-pages-posix Generated by fedora-review 0.9.0 (6761b6c) last change: 2022-08-23 Command line :/usr/bin/fedora-review -u https://bugzilla.rpmfusion.org/show_bug.cgi?id=6396 Buildroot used: fedora-rawhide-x86_64 Active plugins: Shell-api, Generic Disabled plugins: PHP, fonts, C/C++, R, Python, SugarActivity, Haskell, Perl, Ocaml, Java Disabled flags: EPEL6, EPEL7, DISTTAG, BATCH, EXARCH I have written to the linux-man mailing list (https://www.kernel.org/doc/man-pages/linux-man-ml.html) asking for clarification on the licensing issue. Unfortunately upstream still hasn't been able to give me a clear answer on this topic. Here's what some other major distros are doing: * Debian ships the package as 'non-free'. * Ubuntu has it in its 'multiverse' repo. * Arch, openSUSE and Slackware ship it as normal. Over at the Gentoo Bugzilla the topic is being discussed in detail as well, and the following two points have been made: 1. https://bugs.gentoo.org/871636#c2 > I think this leaves us with two possibilities: > > - If the note in man-pages-posix-2017-a.Announce saying "For the POSIX pages, permission > to distribute was given by IEEE and the Open Group, see POSIX-COPYRIGHT." is genuine, > then this is freely distributable and LICENSE should be changed to "freedist". > > - OTOH if that note no longer applies (as it refers to POSIX-COPYRIGHT, and it already > was there in the 2013a version), then neither we nor upstream have the right to > distribute this, which means that we must either downgrade to 2013a or remove the package > altogether. 2. https://bugs.gentoo.org/871636#c3 > The following is in the release notes for 2017a: > https://lore.kernel.org/linux-man/0a36ce05-f3f3-afd5-7675-a5fc4b4f0c02@gmail.com/ > > We are pleased to announce that, once again, the IEEE and The Open Group > have kindly granted us permission to distribute extracts from the latest > version of the POSIX.1 standard: [...] > > Which doesn't say anything about modification. Also, "granted _us_ permission to > distribute" doesn't imply that it is redistributable. Gentoo has decided to keep the package for now, pending further clarification. However, they have removed the dependency from `man-pages` to `man-pages-posix` so the latter no longer gets pulled in automatically when the former is installed. SPEC and SRPM updated; URLs remain the same: https://www4.cs.fau.de/~erhardt/foo/man-pages-posix/man-pages-posix.spec https://www4.cs.fau.de/~erhardt/foo/man-pages-posix/man-pages-posix-2017a-1.fc36.src.rpm Items are addressed. Package APPROVED. pkgdb request has been processed. Interesting; I expected an automated notification email but didn't seem to get any. Code pushed and packages built. |