[Bug 207805] Review Request: skey - one-time password crap

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: Review Request: skey - one-time password crap


https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207805





------- Additional Comments From tibbs@xxxxxxxxxxx  2006-09-25 00:48 EST -------
There is no requirement for a URL tag; if there is no upstream home page then it
would be pointless to include a URL.

The word "crap" does not appear in the package's summary, just this bugzilla
ticket.  (Check the specfile and you'll see.)

One thing that concerns me is that the software is dated 1999, the upstream
tarball lives in a directory named "dontuse", and the package includes a
root-owned setuid binary.  I'm not competent to evaluate this software for
vulnerabilities, but it would be good to know the potential exposure.

However, the license (or general lack thereof) is indeed troubling, and without
clarification I think this does render this package unacceptable for extras. 
The PAM stuff is indicated to be GPL (but carries no license statement that I
can see), md5.* is public domain, and the rest is pretty much indeterminate.

-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

_______________________________________________
Fedora-package-review mailing list
Fedora-package-review@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-package-review

[Index of Archives]     [Fedora Legacy]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]