Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 198691 - Review Request: steghide - A Steganography Program
Summary: Review Request: steghide - A Steganography Program
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Chris Weyl
QA Contact: Fedora Package Reviews List
URL:
Whiteboard:
Depends On:
Blocks: FE-ACCEPT
TreeView+ depends on / blocked
 
Reported: 2006-07-12 20:15 UTC by Jochen Schmitt
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-07-24 15:13:10 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Jochen Schmitt 2006-07-12 20:15:31 UTC 
Spec: http://www.herr-schmitt.de/pub/steghide/steghide.spec
SRPM: http://www.herr-schmitt.de/pub/steghide/steghide-0.5.1-1.src.rpm

Steghide is a steganography program that is able to hide data in various kinds
of image- and audio-files. The color- respectivly sample-frequencies are not
changed thus making the embedding resistant against first-order statistical
tests. Features of steghide include compression and encryption of embedded
data,

embedding of a checksum to verify the integrity of the extracted data and
support for jpeg, bmp, wav and au files.
Comment 1 Parag AN(पराग) 2006-07-13 19:01:29 UTC 
== Not an official review as I'm not yet sponsored ==
   Mock build for development i386 is sucessfull with warnings 
CvrStgObject.h:40: warning: 'class CvrStgObject' has virtual functions but
non-virtual destructor
MCryptPPTest.cc: In member function 'bool MCryptPPTest::genericTestDecryption()':
MCryptPPTest.cc:47: warning: control reaches end of non-void function
MCryptPPTest.cc: In member function 'bool MCryptPPTest::genericTestEncryption()':
MCryptPPTest.cc:43: warning: control reaches end of non-void function


* MUST Items:
      - rpmlint shows no error. 
      - dist tag is present.
      - The package is named according to the Package Naming Guidelines.
      - The spec file name matching the base package steghide, in the
format steghide.spec.
      - This package meets the Packaging Guidelines.
      - The spec file for the package MUST be legible.
      - The package is licensed with an open-source compatible license GPL.
      - This package includes License file COPYING.
      - This source package includes the text of the license in its own file,and
that file, containing the text of the license for the package is included in %doc.
      - The sources used to build the package matches the upstream source,
as provided in the spec URL. md5sum is correct (5be490e24807d921045780fd8cc446b3)
      - This package successfully compiled and built into binary rpms for i386
architecture.
      - This package did not containd any ExcludeArch.
      - This package handled locales properly. This is done by using the
%find_lang macro. Not used %{_datadir}/locale/*.
      - This package owns all directories that it creates. 
      - This package did not contain any duplicate files in the %files
listing.
      - This package  have a %clean section, which contains rm -rf
$RPM_BUILD_ROOT.
      - This package used macros.
      - Document files are included like README.
      - Package did NOT contained any .la libtool archives.

Also,
      * Source URL is present and working.
      * BuildRoot is correct BuildRoot:       
%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
      * BuildRequires is correct
      * Package is working fine on i386.
Comment 2 Paul Howarth 2006-07-13 19:48:48 UTC 
Bug appears to have been closed by mistake
Comment 3 Chris Weyl 2006-07-21 04:04:54 UTC 
Parag:

Good first pass at a review.  Note that compiler warnings like that are
generally disregarded for the purposes of review, unless it's something
_serious_ or correctable on our end.  But, that being said, when in doubt, note it.

The MUSTs are good places to start for reviews, as you've discovered...  I
encourage you to look at the other templates people are using (or patently
stealing, like me <grin>).  Keep it up, you're improving each time around.

Jochen:

I'd recommend addressing the rpmlint warning below as it's a lot of visual
spam otherwise, but it's not a blocker.

+ package meets naming and packaging guidelines.
+ specfile is properly named, is cleanly written and uses macros consistently.
+ dist tag is present.
+ build root is correct.
+ license field matches the actual license.
+ license is open source-compatible.  License text included in package.
+ source files match upstream:
 5be490e24807d921045780fd8cc446b3  steghide-0.5.1.tar.gz
 5be490e24807d921045780fd8cc446b3  steghide-0.5.1.tar.gz.srpm
+ latest version is being packaged.
+ BuildRequires are proper.
+ package builds in mock (5+devel/x86_64).
+ rpmlint is silent on binary package
O rpmlint issues warming on source package (ignorable)
W: steghide setup-not-quiet
+ final provides and requires are sane:
 steghide-0.5.1-1.fc5.x86_64.rpm
 == provides
 steghide = 0.5.1-1.fc5
 == requires
 libc.so.6()(64bit)
 libgcc_s.so.1()(64bit)
 libgcc_s.so.1(GCC_3.0)(64bit)
 libjpeg.so.62()(64bit)
 libm.so.6()(64bit)
 libm.so.6(GLIBC_2.2.5)(64bit)
 libmcrypt.so.4()(64bit)
 libmhash.so.2()(64bit)
 libstdc++.so.6()(64bit)
 libstdc++.so.6(CXXABI_1.3)(64bit)
 libstdc++.so.6(CXXABI_1.3.1)(64bit)
 libstdc++.so.6(GLIBCXX_3.4)(64bit)
 libz.so.1()(64bit)
+ no shared libraries are present.
+ package is not relocatable.
+ owns the directories it creates.
+ doesn't own any directories it shouldn't.
+ no duplicates in %files.
+ file permissions are appropriate.
+ %clean is present.
+ %check is present and all tests pass:
+ no scriptlets present.
+ code, not content.
+ documentation is small, so no -docs subpackage is necessary.
+ %docs are not necessary for the proper functioning of the package.
+ no headers.
+ no pkgconfig files.
+ no libtool .la droppings.
+ not a GUI app.
+ not a web app.

APPROVED
Note You need to log in before you can comment on or make changes to this bug.