As pointed out in a previous message to the bug, #547092 "nagios-nrpe-server: Insecure 'SSL' option, key identical for all debian systems" is severity grave due to the security problem it introduces in the service (but not critical since the problem is limited to the nrpe service). I have adjusted it.
This bug hasn't had any activity for almost a year and was mostly shouting before that. This package shouldn't be in testing/stable until this is fixed lest others (as I did) spend a bunch of effort implementing lots of nrpe based checks before realizing they just opened a security hole on all their systems... If this can't be solved, maybe we could recommend better alternatives? Thanks, -- Matt Taggart tagg...@debian.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
