Package: nagios3-cgi Version: 3.5.1.dfsg-2+b1 Severity: wishlist The main nagios webpage /usr/share/nagios3/htdocs/index.php loads /usr/share/nagios3/htdocs/main.php which cotains some javascript that loads /usr/share/nagios3/htdocs/rss-feed.php /usr/share/nagios3/htdocs/rss-newsfeed.php which pull remote RSS feeds from http://www.nagios.org/backend/feeds/corepromo http://www.nagios.org/backend/feeds/frontpage/
This might be undesirable for a couple reasons: 1) it would reveal to a network evesdropper that a system has nagios installed, which could prompt attacks. 2) it will fail if the server does not have a route to the internet 3) it uses a tiny amount of bandwidth These are all relatively minor issues, but in general it would be better if debian packages did not load remote resources (although it's not strictly against policy) so I think this is only 'wishlist' severity. Thanks, -- Matt Taggart tagg...@debian.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
