Bug 583251
Summary: | Review Request: dcfldd - Improved dd, useful for forensics and security | | |
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Michal Ambroz <rebus> |
Component: | Package Review | Assignee: | Terje Røsten <terjeros> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | | |
Version: | 12 | CC: | fedora-package-review, notting, pahan, tcallawa, terjeros |
Target Milestone: | --- | Flags: | terjeros: fedora-review+, gwync: fedora-cvs+ |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | dcfldd-1.3.4.1-11.el7 | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2010-05-04 06:08:12 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | | | |
Bug Blocks: | 563471 | | |
Description
Michal Ambroz
2010-04-17 12:05:34 UTC
I am sorry for the typo - reference should be Dag Wieers.

Some quick comments:

o use %global over %define (and move it to the top).
o not needed to add gcc-c++ and libstdc++-devel to buildreq, remove.
o change source tag to source0
o add INSTALL='install -p' to make install to preserve timestamps
o change %defattr(-, root, root, 0755) to %defattr(-, root, root, -)

One more thing:

o no need to mark man pages as %doc, done by rpm anyway.

Hello Terje,
thank you for the review and for the comments. Here is the updated package

SPEC URL: http://rebus.fedorapeople.org/fedora/12/SPECS/dcfldd.spec
SRPM URL: http://rebus.fedorapeople.org/fedora/12/SRPMS/dcfldd-1.3.4.1-3.fc12.src.rpm

Best regards.
Michal Ambroz

Thanks, everything seems fine here now. Except a license issue.

Most files are GPLv2+, good. However, there is a mix:

md5.c and md5.h coming from RSA:

```
** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. **
** **
** License to copy and use this software is granted provided that **
** it is identified as the "RSA Data Security, Inc. MD5 Message **
** Digest Algorithm" in all material mentioning or referencing this **
** software or this function. **
** **
** License is also granted to make and use derivative works **
** provided that such works are identified as "derived from the RSA **
** Data Security, Inc. MD5 Message Digest Algorithm" in all **
** material mentioning or referencing the derived work. **
** **
** RSA Data Security, Inc. makes no representations concerning **
** either the merchantability of this software or the suitability **
** of this software for any particular purpose. It is provided "as **
** is" without express or implied warranty of any kind. **
** **
** These notices must be retained in any copies of any part of this **
** documentation and/or software.
```

sha1.c and sha1.h have

```
 * Copyright (c) 2001-2003 Allan Saddi <allan>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY ALLAN SADDI AND HIS CONTRIBUTORS ``AS IS''
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL ALLAN SADDI OR HIS CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
```

while sha2.c and sha2.h are:

```
 * AUTHOR: Aaron D. Gifford <me>
 *
 * Copyright (c) 2000-2001, Aaron D. Gifford
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the copyright holder nor the names of contributors
 * may be used to endorse or promote products derived from this software
 * without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
```

I need some help here.

Spot, I added you to CC: can you please have a look at the license status in dcfldd.

Okay. So, the latter two licenses are just BSD. The top one would be a problem (Free but GPL-incompatible), but because it is from RSA and covers the "MD5 Message Digest Algorithm", it isn't.

The full explanation is here: https://fedoraproject.org/wiki/Licensing/FAQ#MD5

The short version: We can treat the code under that license as "Copyright Only", but we should advise the dcfldd upstream of the license incompatibility and recommend that they "use" this code without RSA's license as well, and reflect that usage in the source code by removing RSA's license (but not RSA's copyright).

The license tag should be

```
# Note that we are using the RSA MD5 code without license.
# See: https://fedoraproject.org/wiki/Licensing:FAQ#MD5
License: GPLv2+ and BSD and Copyright Only
```

Hello guys,
thank you for the help - I will update the package in this sense and notify upstream.

Best regards
Michal Ambroz

Hello,
I have updated the package with the license statements as recommended by Tom "spot" Callaway.

SPEC URL: http://rebus.fedorapeople.org/12/SPECS/dcfldd.spec
SRPM URL: http://rebus.fedorapeople.org/12/SRPMS/dcfldd-1.3.4.1-4.fc12.src.rpm

Output from rpmlint:

```
$ rpmlint dcfldd-1.3.4.1-4.fc12.src.rpm dcfldd-1.3.4.1-4.fc12.i686.rpm dcfldd-debuginfo-1.3.4.1-4.fc12.i686.rpm
dcfldd.src: W: invalid-license Copyright Only
dcfldd.i686: W: invalid-license Copyright Only
dcfldd-debuginfo.i686: W: invalid-license Copyright Only
3 packages and 0 specfiles checked; 0 errors, 3 warnings.
```

Koji build F12: http://koji.fedoraproject.org/koji/taskinfo?taskID=2144215
Koji build F13: http://koji.fedoraproject.org/koji/taskinfo?taskID=2144225

Best regards
Michal Ambroz

```
ok rpmlint (just warnings which can be ignored)
ok naming of package and spec
ok spec file
ok license approved and tag ok. Thanks spot!
ok license in %doc
ok correct language
ok sha1sum on sources and ok url
   fb1c55f107a6af5ef8703a44d33476e508815913 dcfldd-1.3.4-1.tar.gz
   fb1c55f107a6af5ef8703a44d33476e508815913 dcfldd-1.3.4-1.tar.gz.spec
ok koji build with correct buildreq
ok excludearch
-  locale files
-  ldconfig
ok no bundling
ok owns, dirs and perms and only once
ok macros
ok code or content
-  large docs
ok %doc not affect the runtime
-  headers|static in devel|static
-  .so in devel
-  devel dep on base
-  no .la|.a file
-  gui with desktop file
ok own just not owned
ok utf-8 file names
ok separate file from upstream
ok trans
ok mock/koji see comment #8
ok testing
-  scriptlets sane
-  subpkgs dep on base
-  pkgconfig(.pc) in devel
-  req on package not on files
ok add man pages
```

The package dcfldd is APPROVED.

New Package CVS Request
=======================
Package Name: dcfldd
Short Description: Enhanced version of GNU dd with features useful for forensics and security
Owners: rebus
Branches: F-12 F-13 EL-4 EL-5 devel
InitialCC:

Thank you
Michal Ambroz

CVS done (by process-cvs-requests.py).
dcfldd-1.3.4.1-4.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/dcfldd-1.3.4.1-4.fc13

dcfldd-1.3.4.1-4.el4 has been submitted as an update for Fedora EPEL 4.
http://admin.fedoraproject.org/updates/dcfldd-1.3.4.1-4.el4

dcfldd-1.3.4.1-4.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/dcfldd-1.3.4.1-4.fc12

dcfldd-1.3.4.1-4.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/dcfldd-1.3.4.1-4.el5

dcfldd-1.3.4.1-4.el4 has been pushed to the Fedora EPEL 4 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update dcfldd'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/dcfldd-1.3.4.1-4.el4

dcfldd-1.3.4.1-4.el5 has been pushed to the Fedora EPEL 5 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update dcfldd'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/dcfldd-1.3.4.1-4.el5

dcfldd-1.3.4.1-4.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.

dcfldd-1.3.4.1-4.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.

dcfldd-1.3.4.1-4.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.

dcfldd-1.3.4.1-4.el4 has been pushed to the Fedora EPEL 4 stable repository. If problems still persist, please make note of it in this bug report.
Package Change Request
======================
Package Name: dcfldd
New Branches: epel7
Owners: rebus

Hello SCM team,
please can you add epel7 branch for the dcfldd package?
Michal Ambroz

Git done (by process-git-requests).

dcfldd-1.3.4.1-11.el7 has been submitted as an update for Fedora EPEL 7.
https://admin.fedoraproject.org/updates/dcfldd-1.3.4.1-11.el7

dcfldd-1.3.4.1-11.el7 has been pushed to the Fedora EPEL 7 stable repository.

removing the alias due to bug in bugzilla it prevented searching for dcfldd
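
The "sha1sum on sources" item in the review checklist compares the tarball shipped in the SRPM with an independently fetched upstream copy. A sketch of that comparison follows; it is an added example, not part of the original thread, and the function names and the two-directory layout are assumptions.

```shell
#!/bin/sh
# Added example: compare sources unpacked from an SRPM against upstream copies.
# Assumed layout: SRPM_DIR holds the files unpacked from the .src.rpm
# (e.g. with: rpm2cpio pkg.src.rpm | cpio -idm), UPSTREAM_DIR holds the
# tarballs downloaded separately from the upstream URL in the spec.

HASH_CMD="${HASH_CMD:-sha1sum}"   # the review used sha1sum; override if wanted

# Print only the hex digest of a file.
digest_of() {
    "$HASH_CMD" "$1" | cut -d' ' -f1
}

# verify_sources SRPM_DIR UPSTREAM_DIR
# For every tarball in SRPM_DIR, require a same-named file in UPSTREAM_DIR
# with an identical digest. Prints one line per file and returns 0 only
# if every packaged source matched its upstream copy.
verify_sources() {
    srpm_dir=$1
    upstream_dir=$2
    status=0
    found=0
    for packaged in "$srpm_dir"/*.tar.* "$srpm_dir"/*.tgz; do
        [ -f "$packaged" ] || continue      # glob matched nothing
        found=1
        name=$(basename "$packaged")
        upstream="$upstream_dir/$name"
        if [ ! -f "$upstream" ]; then
            echo "MISSING  $name (no upstream copy to compare against)"
            status=1
            continue
        fi
        packaged_sum=$(digest_of "$packaged")
        if [ "$packaged_sum" = "$(digest_of "$upstream")" ]; then
            echo "OK       $packaged_sum  $name"
        else
            echo "MISMATCH $name"
            status=1
        fi
    done
    # An SRPM directory with no tarball at all fails the check rather than passing.
    if [ "$found" -ne 1 ]; then
        echo "NO SOURCES in $srpm_dir"
        status=1
    fi
    return "$status"
}
```
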