Bug 452354 - Review Request: entertrack - Web-based artifact tracking/management system written in PHP
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Richard W.M. Jones
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2008-06-21 09:31 UTC by Dan Horák
Modified: 2008-12-18 17:59 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-12-18 17:59:55 UTC
rjones: fedora-review+
kevin: fedora-cvs+



Description Dan Horák 2008-06-21 09:31:18 UTC
Spec URL: http://fedora.danny.cz/et/entertrack.spec
SRPM URL: http://fedora.danny.cz/et/entertrack-1.2.2-1.fc10.src.rpm
Description:
EnterTrack is an open source web-based artifact tracking/management system
written in PHP. EnterTrack is derived from Issue-Tracker v4.0.1
(www.issue-tracker.com) and adds a number of features particularly useful
to larger groups. EnterTrack provides large organizations with start-to-finish
tracking of artifacts (artifacts can be problems, bugs, requests, projects,
etc.), group collaboration for artifact management, and status reports
for high-level performance metrics.

Rpmlint warns about non-standard uid/gid for files and directories that need to be writable by apache and errors at zero-length index.html whose purpose is to block access to the dir (some content is added in the current upstream code).

Comment 1 Dan Horák 2008-06-28 06:12:03 UTC
Updated spec URL: http://fedora.danny.cz/et/entertrack.spec
Updated SRPM URL: http://fedora.danny.cz/et/entertrack-1.2.3-1.fc10.src.rpm

ChangeLog:
- update to new upstream version 1.2.3


Comment 2 Dan Horák 2008-07-04 08:05:39 UTC
Updated spec URL: http://fedora.danny.cz/et/entertrack.spec
Updated SRPM URL: http://fedora.danny.cz/et/entertrack-1.2.4-1.fc10.src.rpm

ChangeLog:
- update to new upstream version 1.2.4


Comment 3 Dan Horák 2008-07-11 09:17:31 UTC
Updated spec URL: http://fedora.danny.cz/et/entertrack.spec
Updated SRPM URL: http://fedora.danny.cz/et/entertrack-1.2.5-1.fc10.src.rpm

ChangeLog:
- update to new upstream version 1.2.5


Comment 4 Dan Horák 2008-08-08 10:58:45 UTC
Updated spec URL: http://fedora.danny.cz/et/entertrack.spec
Updated SRPM URL: http://fedora.danny.cz/et/entertrack-1.2.6-1.fc10.src.rpm

ChangeLog:
- update to new upstream version 1.2.6

Comment 5 Richard W.M. Jones 2008-09-02 13:57:45 UTC
+ rpmlint output

  Lots and lots of:

  entertrack.noarch: W: non-standard-uid /var/lib/entertrack/cache apache
  entertrack.noarch: W: non-standard-gid /var/lib/entertrack/cache apache
  entertrack.noarch: W: non-standard-uid /var/lib/entertrack/sessions apache
  entertrack.noarch: W: non-standard-gid /var/lib/entertrack/sessions apache

  As far as I'm aware these warnings are harmless.

+ package name satisfies the packaging naming guidelines

  Because this isn't a PHP add-on, it doesn't need to obey the PHP naming
  guidelines.

+ specfile name matches the package base name
+ package should satisfy packaging guidelines
? license meets guidelines and is acceptable to Fedora

  I'm dubious about this package.  It includes a wholesale copy
  of JpGraph (http://www.aditus.nu/jpgraph/jpdownload.php).

  The files say simply "All Rights Reserved" but the website says
  "JpGraph is released under a dual license. QPL 1.0 (Qt Free
  Licensee) For non-commercial, open-source or educational
  use and JpGraph Professional License for commercial use."

  This is "open source" (very loosely defined), but not
  "non-commercial".  Is this the free or the professional
  version?

  At the very minimum I think we need to run this one past
  Tom 'spot' Callaway, and I'd be happier if you could check
  that the copy included is not the professional version.

  The email/ directory is another copied package, license
  GPL (version unspecified).

  The includes/ directory is LGPLv2+.

- license matches the actual package license
+ %doc includes license file

  %doc includes one of the license files anyway.

+ spec file written in American English
+ spec file is legible
+ upstream sources match sources in the srpm
  87e141f72ce3994cf499e31d3e6a0274 916402
+ package successfully builds on at least one architecture
  i386
n/a ExcludeArch bugs filed
+ BuildRequires list all build dependencies
? %find_lang instead of %{_datadir}/locale/*

  Probably could have installed the po files using %find_lang
  instead of deleting them. Was there a problem with them?

n/a binary RPM with shared library files must call ldconfig in %post and %postun
+ does not use Prefix: /usr
+ package owns all directories it creates
+ no duplicate files in %files
+ %defattr line
+ %clean contains rm -rf $RPM_BUILD_ROOT
+ consistent use of macros
? package must contain code or permissible content
n/a large documentation files should go in -doc subpackage
+ files marked %doc should not affect package
n/a header files should be in -devel
n/a static libraries should be in -static
n/a packages containing pkgconfig (.pc) files need 'Requires: pkgconfig'
n/a libfoo.so must go in -devel
n/a -devel must require the fully versioned base
n/a packages should not contain libtool .la files
n/a packages containing GUI apps must include %{name}.desktop file
+ packages must not own files or directories owned by other packages
+ %install must start with rm -rf %{buildroot} etc.
+ filenames must be valid UTF-8

Optional:

? if there is no license file, packager should query upstream
n/a translations of description and summary for non-English languages, if available
- reviewer should build the package in mock
- the package should build into binary RPMs on all supported architectures
- review should test the package functions as described
n/a scriptlets should be sane
n/a pkgconfig files should go in -devel
+ shouldn't have file dependencies outside /etc /bin /sbin /usr/bin or /usr/sbin

Comment 6 Dan Horák 2008-09-02 15:08:33 UTC
Hm, it looks like JpGraph is a bit problematic - http://fedoraproject.org/wiki/FWN/Issue82#JPGraph_License_Query_Shows_How_To_Remove_A_Package. I will remove it from the released source package completely; the cost will be non-working graph creation, but that is already mentioned in conf/paths.conf. I will talk about that issue with EnterTrack's upstream.

Comment 7 Dan Horák 2008-09-12 12:31:50 UTC
The inclusion of JpGraph library was posted upstream, see http://sourceforge.net/forum/forum.php?thread_id=2202649&forum_id=430769 for details.

Updated spec URL: http://fedora.danny.cz/et/entertrack.spec
Updated SRPM URL: http://fedora.danny.cz/et/entertrack-1.2.6-2.fc10.src.rpm

ChangeLog:
- remove JpGraph library from the source archive until done by upstream
- fix License tag

Comment 8 Richard W.M. Jones 2008-12-16 13:01:13 UTC
That corrects all the problems found in the original review, so:

APPROVED.

Comment 9 Dan Horák 2008-12-16 13:26:05 UTC
New Package CVS Request
=======================
Package Name: entertrack
Short Description: Artifact tracking/management system
Owners: sharkcz
Branches: F-9 F-10 EL-5

Comment 10 Kevin Fenzi 2008-12-17 22:07:32 UTC
cvs done.

Comment 11 Dan Horák 2008-12-18 17:59:55 UTC
Imported and built.

Thanks for the review.

