https://bugzilla.redhat.com/show_bug.cgi?id=2374290 andreyesquivel.dev@xxxxxxxxx changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |andreyesquivel.dev@proton.m | |e --- Comment #1 from andreyesquivel.dev@xxxxxxxxx --- Hello Yanko, This is one of my mock reviews for the Fedora sponsorship process. I performed a thorough review and build of genext2fs comparing the version 1.4.2 (the one you shared) with the newer upstream release 1.5.0 (see https://github.com/bestouff/genext2fs/releases/tag/v1.5.0). Both versions compile successfully under the Fedora build environment using rpmbuild -ba and standard compiler flags, and their respective test suites run without failures or crashes. For version 1.5.0, I created a provisional .spec file and confirmed that the packaging process completes correctly. During the build process, both versions emit a number of compiler warnings. These include suspicious uses of strncpy and sizeof, which may lead to truncation (-Wstringop-truncation, -Wsizeof-pointer-memaccess), warnings about ignored return values from fread (-Wunused-result), and the potential use of uninitialized variables (-Wmaybe-uninitialized). These warnings appear consistently across both versions, indicating that they originate from upstream code. Although it would be reasonable to consider packaging the newer 1.5.0 release, both versions exhibit similar upstream code issues that have not yet been addressed. In accordance with Fedora’s guideline of staying close to upstream projects (see https://docs.fedoraproject.org/en-US/package-maintainers/Staying_Close_to_Upstream_Projects/), it is strongly recommended to contact the upstream maintainer to notify him about these warnings. This collaborative approach helps improve the long-term quality, security, and maintainability of the project. Engaging upstream early ensures future releases can be packaged with high confidence and helps eliminate possible runtime issues for the open source community. I hope this mock review may help for future reviewers that want to work on this package. I will be here to help if needed. -- You are receiving this mail because: You are always notified about changes to this product and component You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2374290 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-spam&short_desc=Report%20of%20Bug%202374290%23c1 -- _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
