Bug 461385 - Review Request: hydra - A very fast network logon cracker
Summary: Review Request: hydra - A very fast network logon cracker
Status: CLOSED CANTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Andreas Thienemann
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: FE-Legal FE-SECLAB
TreeView+ depends on / blocked
 
Reported: 2008-09-07 03:51 UTC by Conrad Meyer
Modified: 2012-01-22 05:19 UTC (History)
7 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2008-10-22 20:36:03 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Conrad Meyer 2008-09-07 03:51:26 UTC 
Spec URL: http://konradm.fedorapeople.org/fedora/SPECS/hydra.spec
SRPM URL: http://konradm.fedorapeople.org/fedora/SRPMS/hydra-5.4-1.fc9.src.rpm
Description:
Hydra is a parallized login cracker which supports numerous protocols
to attack. New modules are easy to add, beside that, it is flexible
and very fast. Currently this tool supports:
  TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL, MYSQL, REXEC,
  RSH, RLOGIN, CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS,
  ICQ, SAP/R3, LDAP2, LDAP3, Postgres, Teamspeak, Cisco auth, Cisco enable,
  LDAP2, Cisco AAA (incorporated in telnet module).

This tool is a proof of concept code, to give researchers and security
consultants the possiblity to show how easy it would be to gain
unauthorized access from remote to a system.
Comment 1 Andreas Thienemann 2008-10-20 18:14:06 UTC 
That one was a pretty quick review as it didn't compile in mock. Please check

OK - source files match upstream:
 cd2e7e5ea479d50982b08334b1f4477a6620e6b45bc79ab55ddd07b128c64611  hydra-5.4-src.tar.gz
OK - package meets naming and versioning guidelines.
??? - specfile is properly named, is cleanly written and uses macros consistently.
 Shouldn't the sed cack for the Makefile go into the prep phase?
OK - dist tag is present.
OK - build root is correct.
NOK - license field matches the actual license.
NOK - license is open source-compatible.
 While the code is GPLv2, there's a LICENCE.HYDRA file adding additional 
 stipulations. Please check this, blocking FE-LEGAL until cleared up.
OK - license text included in package.
OK - latest version is being packaged.
NOK - BuildRequires are proper.
 Missing buildrequires.
OK - compiler flags are appropriate.
OK - %clean is present.
NOK - package builds in mock.
 At least one missing dependency on openssl-devel, possibly other. Please check.

NOTCHECKED:
package installs properly.
debuginfo package looks complete.
rpmlint is silent.
final provides and requires are sane:
  (paste in the rpm -qp --provides and --requires output)
%check is present and all tests pass:
  (if possible, include some info indicating a successful test suite)
  (it's OK if there's no test suite, but if one is there it should be run if possible)
no shared libraries are added to the regular linker search paths.
  (or, if shared libraries are present, make sure ldconfig is run)
owns the directories it creates.
doesn't own any directories it shouldn't.
no duplicates in %files.
file permissions are appropriate.
no scriptlets present.
  (or, if scriptlets are present, compare them against the ScriptletSnippets page)
code, not content.
documentation is small, so no -docs subpackage is necessary.
%docs are not necessary for the proper functioning of the package.
no headers.
no pkgconfig files.
no libtool .la droppings.
desktop files valid and installed properly.
Comment 2 Tom "spot" Callaway 2008-10-22 20:07:35 UTC 
The additional restrictions in LICENCE.Hydra make this non-free (and unacceptable for Fedora).
Comment 3 Conrad Meyer 2008-10-22 20:36:03 UTC 
(In reply to comment #2)
> The additional restrictions in LICENCE.Hydra make this non-free (and
> unacceptable for Fedora).

OK, closing the bug then.
Note You need to log in before you can comment on or make changes to this bug.