Christoph Anton Mitterer
2012-Feb-20 01:51 UTC
[Secure-testing-team] Bug#660585: nagios-nrpe-server: again use secure RNG
Package: nagios-nrpe-server Version: 2.12-5 Severity: important Tags: security Hi. I''ve been just shocked when I went through the patches and saw that one removes the usage of /dev/urandom and replaces it by some week seed. I mean ok, SSL in the Nagios version of NRPE is completely broken anyway... But why''re you doing this? Sorry for making noise, but it seems just pointless?! This remembers so strong to Debian''s OpenSSL patching around catastrophy. Even though SSL is useless anyway right now, if there''s no good reason for it, please drop this patch. Cheers, Chris.