[Bug 2376217] Review Request: openbao - A tool for securely accessing secrets


 



https://bugzilla.redhat.com/show_bug.cgi?id=2376217



--- Comment #40 from Maxwell G <maxwell@xxxxxxx> ---
Thanks. The licensing is a blocker for the package, so please make sure that's
fixed. Go Vendor Tools is now available on EPEL 9, 10.0, 10.1, and 10.2 in
addition to Fedora, so that is the preferred approach there, but at the very
least, the License: expression in the specfile should agree with what a more
thorough scan using Go Vendor Tools detects.

> Is there anything else?

- Using the vendored Provides license generator would be preferred over listing
them manually, so I'll see if I can also backport that to EPEL 8 and then you
can use it there, but that shouldn't be a blocker.
- Are there bundled web assets (HTML, CSS, JS) in this package? I didn't
realize that this wasn't just a pure Go package (my bad), but I saw these files
in the git repository. If there are, you also need to follow the guidelines for
web assets and JavaScript. Ideally, you could build the web assets from source
like the forgejo package does. Also, the license expression and bundled Provides
would need to encompass the web assets. I'm not super well-versed in packaging
web assets, but AFAIK, proper licensing and bundled Provides are mandatory and
things should be built from source unless it's completely impractical (e.g.,
upstream only includes bundled CSS or JavaScript libraries or
minified/precompiled CSS or JavaScript files in the sources with no easy way to
unbundle or regenerate them). See
https://docs.fedoraproject.org/en-US/packaging-guidelines/Web_Assets/ and
https://docs.fedoraproject.org/en-US/packaging-guidelines/JavaScript/.

Other than that, I guess this is fine for inclusion in Fedora (I did a pretty
thorough review), but I'm still not happy with how much this diverges from current
Go SIG practices and the upcoming Guidelines for packaging vendored Go
applications.



-- 
_______________________________________________
package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx