From Fedora Project Wiki

Here is the template I use for doing package reviews (copied from JasonTibbitts).

1. package meets naming and packaging guidelines.
2. specfile is properly named, is cleanly written and uses macros consistently.
3. dist tag is present.
4. build root is sane.
5. license field matches the actual license.
6. license is open source-compatible.  XXX License text not included upstream. XXX License text included in package.
7. source files match upstream:
(include md5sum output)
8. latest version is being packaged.
9. BuildRequires are proper.
10. package builds in mock ( ).
11. rpmlint is silent.
12. final provides and requires are sane:
(include output of
  for i in *rpm; do echo "$i"; rpm -qp --provides "$i"; echo =; rpm -qp --requires "$i"; echo; done
manually indented after checking each line.  I also remove the rpmlib junk and anything provided by glibc.)
13. no shared libraries are present.
14. package is not relocatable.
15. owns the directories it creates.
16. doesn't own any directories it shouldn't.
17. no duplicates in %files.
18. file permissions are appropriate.
19. %clean is present.
20. %check is present and all tests pass:
(include the summary from the test suite, if any)
21. no scriptlets present.
22. code, not content.
23. documentation is small, so no -docs subpackage is necessary.
24. %docs are not necessary for the proper functioning of the package.
25. no headers.
26. no pkgconfig files.
27. no libtool .la droppings.
28. not a GUI app.
29. not a web app.
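
For item 12, the clean-up of the provides/requires listing can be scripted. This is an added example, not part of the original template: the function names, the sample lines and the list of glibc capability patterns are assumptions, so extend the patterns for the release under review and still read every remaining line by hand.

```shell
#!/bin/sh
# Added example (not from the original template).
# filter_deps reads `rpm -qp --provides` / `--requires` output on stdin,
# drops rpmlib(...) entries and capabilities normally provided by glibc,
# and indents what is left so it can be pasted into the review.

filter_deps() {
    # Assumed glibc patterns: core sonames, the dynamic loader, rtld(...).
    grep -v -E '^rpmlib\(' |
    grep -v -E '^(libc|libm|libdl|libpthread|librt)\.so\.[0-9]+(\(|$)' |
    grep -v -E '^(rtld\(|ld-linux[-a-z0-9_]*\.so\.[0-9]+)' |
    sed 's/^/   /'
}

# review_deps runs the loop from item 12 over the built packages and
# filters both listings. Call it as: review_deps *.rpm
review_deps() {
    for i in "$@"; do
        echo "$i"
        rpm -qp --provides "$i" | filter_deps
        echo =
        rpm -qp --requires "$i" | filter_deps
        echo
    done
}

# Constructed sample of `rpm -qp --requires` output, used for the demo below.
sample_requires() {
    cat <<'EOF'
/bin/sh
ld-linux-x86-64.so.2()(64bit)
libc.so.6()(64bit)
libc.so.6(GLIBC_2.4)(64bit)
libz.so.1()(64bit)
perl(strict)
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rtld(GNU_HASH)
EOF
}

# Demo: only the dependencies a reviewer needs to judge remain.
sample_requires | filter_deps
```

Anything unexpected that survives the filter, such as a bundled library soname or an interpreter the package should not need, is what the "sane" check in item 12 is meant to catch.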