Bug 461385

Summary: Review Request: hydra - A very fast network logon cracker
Product: [Fedora] Fedora Reporter: Conrad Meyer <cse.cem+redhatbugz>
Component: Package ReviewAssignee: Andreas Thienemann <andreas>
Status: CLOSED CANTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: andreas, athmanem, fedora-package-review, mail, notting, pahan, tcallawa
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-10-22 20:36:03 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 182235, 563471    

Description Conrad Meyer 2008-09-07 03:51:26 UTC 
Spec URL: http://konradm.fedorapeople.org/fedora/SPECS/hydra.spec
SRPM URL: http://konradm.fedorapeople.org/fedora/SRPMS/hydra-5.4-1.fc9.src.rpm
Description:
Hydra is a parallized login cracker which supports numerous protocols
to attack. New modules are easy to add, beside that, it is flexible
and very fast. Currently this tool supports:
  TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL, MYSQL, REXEC,
  RSH, RLOGIN, CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS,
  ICQ, SAP/R3, LDAP2, LDAP3, Postgres, Teamspeak, Cisco auth, Cisco enable,
  LDAP2, Cisco AAA (incorporated in telnet module).

This tool is a proof of concept code, to give researchers and security
consultants the possiblity to show how easy it would be to gain
unauthorized access from remote to a system.
Comment 1 Andreas Thienemann 2008-10-20 18:14:06 UTC 
That one was a pretty quick review as it didn't compile in mock. Please check

OK - source files match upstream:
 cd2e7e5ea479d50982b08334b1f4477a6620e6b45bc79ab55ddd07b128c64611  hydra-5.4-src.tar.gz
OK - package meets naming and versioning guidelines.
??? - specfile is properly named, is cleanly written and uses macros consistently.
 Shouldn't the sed cack for the Makefile go into the prep phase?
OK - dist tag is present.
OK - build root is correct.
NOK - license field matches the actual license.
NOK - license is open source-compatible.
 While the code is GPLv2, there's a LICENCE.HYDRA file adding additional 
 stipulations. Please check this, blocking FE-LEGAL until cleared up.
OK - license text included in package.
OK - latest version is being packaged.
NOK - BuildRequires are proper.
 Missing buildrequires.
OK - compiler flags are appropriate.
OK - %clean is present.
NOK - package builds in mock.
 At least one missing dependency on openssl-devel, possibly other. Please check.

NOTCHECKED:
package installs properly.
debuginfo package looks complete.
rpmlint is silent.
final provides and requires are sane:
  (paste in the rpm -qp --provides and --requires output)
%check is present and all tests pass:
  (if possible, include some info indicating a successful test suite)
  (it's OK if there's no test suite, but if one is there it should be run if possible)
no shared libraries are added to the regular linker search paths.
  (or, if shared libraries are present, make sure ldconfig is run)
owns the directories it creates.
doesn't own any directories it shouldn't.
no duplicates in %files.
file permissions are appropriate.
no scriptlets present.
  (or, if scriptlets are present, compare them against the ScriptletSnippets page)
code, not content.
documentation is small, so no -docs subpackage is necessary.
%docs are not necessary for the proper functioning of the package.
no headers.
no pkgconfig files.
no libtool .la droppings.
desktop files valid and installed properly.
Comment 2 Tom "spot" Callaway 2008-10-22 20:07:35 UTC 
The additional restrictions in LICENCE.Hydra make this non-free (and unacceptable for Fedora).
Comment 3 Conrad Meyer 2008-10-22 20:36:03 UTC 
(In reply to comment #2)
> The additional restrictions in LICENCE.Hydra make this non-free (and
> unacceptable for Fedora).

OK, closing the bug then.