[Bug 207805] Review Request: skey - one-time password crap
bugzilla at redhat.com
bugzilla at redhat.com
Mon Sep 25 04:48:37 UTC 2006
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: Review Request: skey - one-time password crap
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207805
------- Additional Comments From tibbs at math.uh.edu 2006-09-25 00:48 EST -------
There is no requirement for a URL tag; if there is no upstream home page then it
would be pointless to include a URL.
The word "crap" does not appear in the package's summary, just this bugzilla
ticket. (Check the specfile and you'll see.)
One thing that concerns me is that the software is dated 1999, the upstream
tarball lives in a directory named "dontuse", and the package includes a
root-owned setuid binary. I'm not competent to evaluate this software for
vulnerabilities, but it would be good to know the potential exposure.
However, the license (or general lack thereof) is indeed troubling, and without
clarification I think this does render this package unacceptable for extras.
The PAM stuff is indicated to be GPL (but carries no license statement that I
can see), md5.* is public domain, and the rest is pretty much indeterminate.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
More information about the Fedora-package-review
mailing list