[Pkg-nagios-devel] Bug#660585: nagios-nrpe-server: again use secure RNG
Christoph Anton Mitterer
calestyo at scientia.net
Mon Feb 20 01:51:52 UTC 2012
Package: nagios-nrpe-server
Version: 2.12-5
Severity: important
Tags: security
Hi.
I've been just shocked when I went through the patches and saw that one removes
the usage of /dev/urandom and replaces it by some week seed.
I mean ok, SSL in the Nagios version of NRPE is completely broken anyway...
But why're you doing this? Sorry for making noise, but it seems just pointless?!
This remembers so strong to Debian's OpenSSL patching around catastrophy.
Even though SSL is useless anyway right now, if there's no good reason for it,
please drop this patch.
Cheers,
Chris.
More information about the Pkg-nagios-devel
mailing list