Red Hat Bugzilla – Bug 248067
Review Request: opie -- One-time Passwords In Everything
Last modified: 2009-08-20 17:57:14 EDT
Spec URL: http://david.woodhou.se/opie.spec
SRPM URL: http://david.woodhou.se/opie-2.4-1.fc8.src.rpm
OPIE is an implementation of the One-Time Password (OTP) System that
is being considered for the Internet standards-track. OPIE provides a one-time
password system. The system should be secure against the passive attacks
now commonplace on the Internet (see RFC 1704 for more details). The system
is vulnerable to active dictionary attacks, though these are not widespread
at present and can be detected through proper use of system audit
What should I put in the 'License' tag?
I took a quick look at this.
Frankly I have no idea what should be used for the License: tag. spot has been
doing much work in this area so perhaps you could ping him about it.
There's no %check section but I guess the package runs a test suite at make
time. It fails pretty badly for me:
opietest: completed 13 tests. 5 tests passed, 2 tests skipped, 6 tests failed.
opietest: please correct the following failures before attempting to use OPIE:
The build does continue after that but it's still troubling. This is a mock
build on x86_64 rawhide; perhaps there are 64 bit issues?
In an i386 Fedora 7 mock buld I get: opietest: completed 13 tests. 11 tests
passed, 2 tests skipped, 0 tests failed.
On http://fedoraproject.org/wiki/Licensing the NRL License is listed and the
license tag should be "BSD with advertising". The TIN License looks pretty
similiar in vimdiff, so just ask spot to add the TIN License to the Licensing page.
Btw. where does the opiessh.c come from? There are some compiler warnings
because of a missing #include <unistd.h> and no return statement for main. I
guess "return execv(argv,argv);" would be good enough.
Hey, are you still interested in this package?
Not particularly. I have no need for dealing with the idiocy that is SSH+S/Key any more. I have different idiocy to deal with...
I don't mind maintaining the package though -- it should be fairly simple.
I wrote opiessh.c, but I can't test it any more. You could, though :)
This is very old, and I'm not sure what should happen with it. It seems at this point, with the test failures and license issue unresolved, that it would be better to just close this. If you do want to continue, however, could you address those issues and provide an updated package.
Upstream seems dead as well since their website doesn't work anymore.
After another month, I'm going ahead and closing this.