this is perfectly fine for me, if it free software. feel free to do the changes you want yourself.
if you cant there is always a debian consultants page. > From: Gürkan Myczko <gur...@phys.ethz.ch> > Date: March 25, 2024 at 00:21:38 GMT+1 > To: Thorsten Alteholz <ftpmas...@ftp-master.debian.org> > Subject: Re: ruptime_1.4-1_amd64.changes REJECTED > > Hi, > >> after a short glimpse even I already found some issues with this software: >> If you install ruptime.key as described in README.md, you will get a world >> readable key file. >> As this is a symmetric key, everyone who has access to the key on one >> machine can forge messages on every other machine. >> I would not say that this can be called "encrypted messages" at all. > > It is encrypted to all users on that machine. This is a design choice, and > there's now README.Debian > that describes how to overcome the issue, if it is one for you. It is none to > me, and majority of users. > > Please have a look at xymon and xymon-client. Not encrypted messages at all, > no builtin ACL either, anyone on > ther internet can forge messages on every xymon server. > >> It uses mcrypt in version 2.6.8 which is from 2009. It uses CBC as default >> encryption algorithm. >> Nowadays this is no longer recommended to use. > > This has been fixed with 1.8, no more mcrypt. Now we're with openssl. > >> Doing something like >> echo "/*/*/*/*/*/* asd" |nc localhost 51300 >> for each core of your ruptimed server makes it really busy. >> There is no check, no ACL, nothing to prevent this. > > I was not able to do anything like that, if you look at the ruptimed, you can > clearly see this is not simply possible, never has been. > >> This software might be nice, but there is still some work to do. > > I believe it is indeed nice, compared to the existing rwhod packages in the > archive. > Further work will happen, as the software is maintained upstream. > > Best, > Alex > >> Thorsten >> === >> Please feel free to respond to this email if you don't understand why >> your files were rejected, or if you upload new files which address our >> concerns.
