[Pkg-nagios-devel] Bug#794976: nagios3: loads remote web resources

Matt Taggart taggart at debian.org
Sat Aug 8 21:45:24 UTC 2015

Package: nagios3-cgi
Version: 3.5.1.dfsg-2+b1
Severity: wishlist

The main nagios webpage
which cotains some javascript that loads
which pull remote RSS feeds from

This might be undesirable for a couple reasons:
1) it would reveal to a network evesdropper that a system has
  nagios installed, which could prompt attacks.
2) it will fail if the server does not have a route to the internet
3) it uses a tiny amount of bandwidth

These are all relatively minor issues, but in general it would be
better if debian packages did not load remote resources (although it's
not strictly against policy) so I think this is only 'wishlist'


Matt Taggart
taggart at debian.org

More information about the Pkg-nagios-devel mailing list