[Pkg-nagios-devel] Bug#660585: nagios-nrpe-server: again use secure RNG

Christoph Anton Mitterer calestyo at scientia.net
Mon Feb 20 02:00:29 UTC 2012


Nearly even worse btw.... as far as I can see,... this change is NOWHERE
documented (and one really should not be expected to get the source
package and look through all patches to see whether - diplomatically
said - anything was modified).

The config file, e.g., still happily claims it would use /dev/[u]random.

Even IF there was some reason for this change,... than it really must be
visibly documented for the user (README.Debian).
Now NRPE is not the most security critical package (and as I've
mentioned, SSL is totally useless in it anyway)... but that could have
been different.


Cheers,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5677 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-nagios-devel/attachments/20120220/c86978ce/attachment.bin>


More information about the Pkg-nagios-devel mailing list