Hi Andreas,
Upstream also suggested[2] that we could just remove the radsecret script, since it's not used by anything else, but I rather not deviate from upstream that much if we can.
Same here. Have you considered to submit the replacement upstream? I will gladly cherry-pick the change as soon as it has been merged upstream. Since it is somewhat security sensitive I would rather not deviate from upstream here (the great Debian OpenSSL debacle comes to mind).
Bernhard
