Bug 248067

Summary: Review Request: opie -- One-time Passwords In Everything
Product: [Fedora] Fedora Reporter: David Woodhouse <dwmw2>
Component: Package ReviewAssignee: Nobody's working on this, feel free to take it <nobody>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: davidf, degts, fedora-package-review, felix, gauret, notting, opensource, sundaram
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-08-20 17:57:14 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Bug Depends On:    
Bug Blocks: 201449    

Description David Woodhouse 2007-07-12 18:17:46 EDT
Spec URL: http://david.woodhou.se/opie.spec
SRPM URL: http://david.woodhou.se/opie-2.4-1.fc8.src.rpm
Description:
OPIE is an implementation of the One-Time Password (OTP) System that
is being considered for the Internet standards-track. OPIE provides a one-time
password system. The system should be secure against the passive attacks
now commonplace on the Internet (see RFC 1704 for more details). The system
is vulnerable to active dictionary attacks, though these are not widespread
at present and can be detected through proper use of system audit
software.
Comment 1 David Woodhouse 2007-07-12 18:30:07 EDT
What should I put in the 'License' tag? 

http://dehs.alioth.debian.org/wwiz_detail.php?id=8454741&type=watch
Comment 2 Jason Tibbitts 2007-07-28 02:08:30 EDT
I took a quick look at this.

Frankly I have no idea what should be used for the License: tag.  spot has been
doing much work in this area so perhaps you could ping him about it.

There's no %check section but I guess the package runs a test suite at make
time.  It fails pretty badly for me:

opietest: completed 13 tests. 5 tests passed, 2 tests skipped, 6 tests failed.
opietest: please correct the following failures before attempting to use OPIE:
          opieatob8
          opieetob
          opiegenerator
          opiehash(MD4)
          opiehash(MD5)
          opiekeycrunch

The build does continue after that but it's still troubling.  This is a mock
build on x86_64 rawhide; perhaps there are 64 bit issues?
Comment 3 Till Maas 2007-09-06 08:38:33 EDT
In an i386 Fedora 7 mock buld I get: opietest: completed 13 tests. 11 tests
passed, 2 tests skipped, 0 tests failed.
Comment 4 Till Maas 2007-09-06 08:56:38 EDT
On http://fedoraproject.org/wiki/Licensing the NRL License is listed and the
license tag should be "BSD with advertising". The TIN License looks pretty
similiar in vimdiff, so just ask spot to add the TIN License to the Licensing page.

Btw. where does the opiessh.c come from? There are some compiler warnings
because of a missing #include <unistd.h> and no return statement for main. I
guess "return execv(argv[0],argv);" would be good enough.
Comment 6 Rahul Sundaram 2008-08-11 20:27:05 EDT
Hey, are you still interested in this package?
Comment 7 David Woodhouse 2008-08-12 03:48:10 EDT
Not particularly. I have no need for dealing with the idiocy that is SSH+S/Key any more. I have different idiocy to deal with...

I don't mind maintaining the package though -- it should be fairly simple.

I wrote opiessh.c, but I can't test it any more. You could, though :)
Comment 8 Jason Tibbitts 2009-07-14 18:17:02 EDT
This is very old, and I'm not sure what should happen with it.  It seems at this point, with the test failures and license issue unresolved, that it would be better to just close this.  If you do want to continue, however, could you address those issues and provide an updated package.
Comment 9 Felix Kaechele 2009-08-04 10:20:50 EDT
Upstream seems dead as well since their website doesn't work anymore.
Comment 10 Jason Tibbitts 2009-08-20 17:57:14 EDT
After another month, I'm going ahead and closing this.