Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Review Request: skey - one-time password crap https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207805 ------- Additional Comments From tibbs@xxxxxxxxxxx 2006-09-25 00:48 EST ------- There is no requirement for a URL tag; if there is no upstream home page then it would be pointless to include a URL. The word "crap" does not appear in the package's summary, just this bugzilla ticket. (Check the specfile and you'll see.) One thing that concerns me is that the software is dated 1999, the upstream tarball lives in a directory named "dontuse", and the package includes a root-owned setuid binary. I'm not competent to evaluate this software for vulnerabilities, but it would be good to know the potential exposure. However, the license (or general lack thereof) is indeed troubling, and without clarification I think this does render this package unacceptable for extras. The PAM stuff is indicated to be GPL (but carries no license statement that I can see), md5.* is public domain, and the rest is pretty much indeterminate. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug, or are watching the QA contact. _______________________________________________ Fedora-package-review mailing list Fedora-package-review@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-package-review