Bug 248067 - Review Request: opie -- One-time Passwords In Everything
Summary: Review Request: opie -- One-time Passwords In Everything
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody's working on this, feel free to take it
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: FE-DEADREVIEW
TreeView+ depends on / blocked
 
Reported: 2007-07-12 22:17 UTC by David Woodhouse
Modified: 2009-08-20 21:57 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-08-20 21:57:14 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description David Woodhouse 2007-07-12 22:17:46 UTC 
Spec URL: http://david.woodhou.se/opie.spec
SRPM URL: http://david.woodhou.se/opie-2.4-1.fc8.src.rpm
Description:
OPIE is an implementation of the One-Time Password (OTP) System that
is being considered for the Internet standards-track. OPIE provides a one-time
password system. The system should be secure against the passive attacks
now commonplace on the Internet (see RFC 1704 for more details). The system
is vulnerable to active dictionary attacks, though these are not widespread
at present and can be detected through proper use of system audit
software.
Comment 1 David Woodhouse 2007-07-12 22:30:07 UTC 
What should I put in the 'License' tag? 

http://dehs.alioth.debian.org/wwiz_detail.php?id=8454741&type=watch
Comment 2 Jason Tibbitts 2007-07-28 06:08:30 UTC 
I took a quick look at this.

Frankly I have no idea what should be used for the License: tag.  spot has been
doing much work in this area so perhaps you could ping him about it.

There's no %check section but I guess the package runs a test suite at make
time.  It fails pretty badly for me:

opietest: completed 13 tests. 5 tests passed, 2 tests skipped, 6 tests failed.
opietest: please correct the following failures before attempting to use OPIE:
          opieatob8
          opieetob
          opiegenerator
          opiehash(MD4)
          opiehash(MD5)
          opiekeycrunch

The build does continue after that but it's still troubling.  This is a mock
build on x86_64 rawhide; perhaps there are 64 bit issues?
Comment 3 Till Maas 2007-09-06 12:38:33 UTC 
In an i386 Fedora 7 mock buld I get: opietest: completed 13 tests. 11 tests
passed, 2 tests skipped, 0 tests failed.
Comment 4 Till Maas 2007-09-06 12:56:38 UTC 
On http://fedoraproject.org/wiki/Licensing the NRL License is listed and the
license tag should be "BSD with advertising". The TIN License looks pretty
similiar in vimdiff, so just ask spot to add the TIN License to the Licensing page.

Btw. where does the opiessh.c come from? There are some compiler warnings
because of a missing #include <unistd.h> and no return statement for main. I
guess "return execv(argv[0],argv);" would be good enough.
Comment 6 Rahul Sundaram 2008-08-12 00:27:05 UTC 
Hey, are you still interested in this package?
Comment 7 David Woodhouse 2008-08-12 07:48:10 UTC 
Not particularly. I have no need for dealing with the idiocy that is SSH+S/Key any more. I have different idiocy to deal with...

I don't mind maintaining the package though -- it should be fairly simple.

I wrote opiessh.c, but I can't test it any more. You could, though :)
Comment 8 Jason Tibbitts 2009-07-14 22:17:02 UTC 
This is very old, and I'm not sure what should happen with it.  It seems at this point, with the test failures and license issue unresolved, that it would be better to just close this.  If you do want to continue, however, could you address those issues and provide an updated package.
Comment 9 Felix Kaechele 2009-08-04 14:20:50 UTC 
Upstream seems dead as well since their website doesn't work anymore.
Comment 10 Jason Tibbitts 2009-08-20 21:57:14 UTC 
After another month, I'm going ahead and closing this.
Note You need to log in before you can comment on or make changes to this bug.