Your message dated Sat, 01 Mar 2014 09:49:26 +0000
with message-id <[email protected]>
and subject line Bug#737917: fixed in ntop 3:5.0.1+dfsg1-2
has caused the Debian Bug report #737917,
regarding ntop phones home every time it's started
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
737917: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737917
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ntop
Version: 3:5.0.1+dfsg1-1
Severity: important
Dear Maintainer,
When working on configuring NTOP I was tweaking parameters through the
/etc/default/ntop variable GETOPT. Reading the help and man page one thing I
found was --skip-version-check.
This sparked my interest to look at the network traffic generated. Indeed when
starting the ntop service there's HTTP traffic going to kpn.ntop.org, which is
the CNAME for version.ntop.org. A bunch of data is pushed to it and a version
check returned.
Adding the --skip-version-check option should prohibit this. It does not. NTOP
comes back with the error that it needs a parameter for the option, which is
not documented. Adding the parameter (like '=yes', or ' yes') allows NTOP to
start. But looking at the log and the network traffic the version check is
still performed.
A telltail sign comes when one freshly installs the package. This is what
appears in the syslog.
----------8<---------------------------------------------------------------
ntop[]: CHKVER: **********************PRIVACY**NOTICE**********************
ntop[]: CHKVER: * ntop instances may record individually identifiable *
ntop[]: CHKVER: * information on a remote system as part of the version *
ntop[]: CHKVER: * check. *
ntop[]: CHKVER: * *
ntop[]: CHKVER: * You have requested - via the --skip-version-check *
ntop[]: CHKVER: * option that this check be skipped and so no *
ntop[]: CHKVER: * individually identifiable information will be recorded. *
ntop[]: CHKVER: * *
ntop[]: CHKVER: * In general, we ask you to permit this check because it *
ntop[]: CHKVER: * benefits both the users and developers of ntop. *
ntop[]: CHKVER: * *
ntop[]: CHKVER: * Review the man ntop page for more information. *
ntop[]: CHKVER: * *
ntop[]: CHKVER: **********************PRIVACY**NOTICE**********************
ntop[]: CHKVER: Checking current ntop version at version.ntop.org/version.xml
ntop[]: CHKVER: Version file is from 'version.ntop.org'
ntop[]: CHKVER: as of date is '2012-10-16T11:00:47'
ntop[]: CHKVER: This version of ntop is the CURRENT stable version
----------8<---------------------------------------------------------------
So first a notice that the version check is skipped, and then it's done anyway?
This cannot be right, on various levels.
What I would expect is that the version check is inhibited by default, since
we're relying on the Debian distribution channels for updates, not on
in-application checks (which should be a general Debian Packager policy IMHO).
And then centainly not those checks which flag out to the world every time
when my Debian box boots up. For me enough reason to remove ntop from my box.
-- System Information:
Debian Release: jessie/sid
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.12-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages ntop depends on:
ii adduser 3.113+nmu3
ii debconf [debconf-2.0] 1.5.52
ii libc6 2.17-97
ii libgdbm3 1.8.3-12
ii libgeoip1 1.6.0-1
ii libpcap0.8 1.5.3-1
ii libpython2.7 2.7.6-5
ii librrd4 1.4.7-2+b1
ii net-tools 1.60-25
ii ntop-data 3:5.0.1+dfsg1-1
ii passwd 1:4.1.5.1-1
ii python-mako 0.9.1-1
ii zlib1g 1:1.2.8.dfsg-1
ntop recommends no packages.
Versions of packages ntop suggests:
ii graphviz 2.26.3-16.1
ii gsfonts 1:8.11+urwcyr1.0.7~pre44-4.2
-- debconf information:
ntop/password_reset: false
* ntop/interfaces: none
* ntop/password_empty:
ntop/password_mismatch:
ntop/user: ntop
--- End Message ---
--- Begin Message ---
Source: ntop
Source-Version: 3:5.0.1+dfsg1-2
We believe that the bug you reported is fixed in the latest version of
ntop, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ludovico Cavedon <[email protected]> (supplier of updated ntop package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 01 Mar 2014 01:05:28 -0800
Source: ntop
Binary: ntop ntop-dbg ntop-data
Architecture: source amd64 all
Version: 3:5.0.1+dfsg1-2
Distribution: unstable
Urgency: medium
Maintainer: Ludovico Cavedon <[email protected]>
Changed-By: Ludovico Cavedon <[email protected]>
Description:
ntop - display network usage in web browser
ntop-data - display network usage in a web browser (data files)
ntop-dbg - display network usage in web browser (debug symbols)
Closes: 737444 737917
Changes:
ntop (3:5.0.1+dfsg1-2) unstable; urgency=medium
.
* Use system jquery js and css (Closes: #737444).
* Include non-minimized source for jquery.jqplot.js (Closes: #737444).
* Add versioncheck.patch to fix handling and documentation of
--skip-version-check command line option (Closes: #737917).
* Update Standards-Version to 3.9.5.
Checksums-Sha1:
4b300fe9042dd69f64688f35a3d266a13806afa9 2109 ntop_5.0.1+dfsg1-2.dsc
5c5d4d4ba2d6ff72237c0a260951a2c18d593adb 124416
ntop_5.0.1+dfsg1-2.debian.tar.xz
80a018e61d69f60cd0895697c2f125d8f81364d6 618898 ntop_5.0.1+dfsg1-2_amd64.deb
12c14f50db29bc91e8c3db379bf45d817648a57c 808768
ntop-dbg_5.0.1+dfsg1-2_amd64.deb
934780dcbb7d8c2f5adcfee8cd5a6363be019d76 1185732
ntop-data_5.0.1+dfsg1-2_all.deb
Checksums-Sha256:
fc5ad3e032de73d4db6b517538aeb515c3c1fa5b741de3749392462ca5d9414e 2109
ntop_5.0.1+dfsg1-2.dsc
e6572959fdc4b62b749b56e6512a4ebad85c8c974929df167e2109e7731c1851 124416
ntop_5.0.1+dfsg1-2.debian.tar.xz
c3d9619e83d3b64deb750fe804549cce07627d9b587520a3b9cda03c10e710c9 618898
ntop_5.0.1+dfsg1-2_amd64.deb
99f580cae8b7fa213b2b3afa57fd13928a6604ed11bd23463653722477a9002d 808768
ntop-dbg_5.0.1+dfsg1-2_amd64.deb
48a947afcfdacec7148afd3cb184ea2648a8c758d5a39ece84b657cfa33625f4 1185732
ntop-data_5.0.1+dfsg1-2_all.deb
Files:
a347c6520a4e38039ce0fca33e55b945 2109 net optional ntop_5.0.1+dfsg1-2.dsc
098029f289c5f9ca651c9e4ec1608822 124416 net optional
ntop_5.0.1+dfsg1-2.debian.tar.xz
fbf19ddd2633869e8a1095551712fa67 618898 net optional
ntop_5.0.1+dfsg1-2_amd64.deb
73d7f49be76e359f97ed2aee4eb4a5fc 808768 debug extra
ntop-dbg_5.0.1+dfsg1-2_amd64.deb
24f91f0e94bf7a049b48f24ab1251df9 1185732 net optional
ntop-data_5.0.1+dfsg1-2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJTEalsAAoJEBPAtWZ6OLCwaJQQAMhsRDBI3t36k+Xz+IN+CUsT
MmN5HU2pOS1ptDvtAug3mtAAcZncE3z8gEET6WgevArwxm+KnYdXxu+iUfuZ4gyy
nVhTLTTXQqbAaZf3cvtWLUTXswyzRn4/9Hafm9HOTpzvqXeXu09MAZdBkDxxKO9v
Lvh0lVIRcYbHXgOWVQ3iG3JmmK6SxzyA3iZYCQRNppwyryYwLsVqu+D/j53n8uDT
oTBJHpmjVaU+UO4fDIRxcaClVXl4KoleqB/T8KY1rapHLv6BzsGhJ8uIlam4VWDr
tKDGl4exfCZb2IxOXVTxgsIsgnlGOY83KGJywBfxMFxf26tPER28gJZ26FbvfBvK
kH2RihwkjsoKnfKFWwtUiodsH6N6xYKeCZc+FOEhbLd8JgfgBoCIppTY24wrU4PZ
WOfDTGkFPaAbU934y+WhXdQl7RetPCHo8I6OzB+dkDN7ReAp/fvHvTD14oPunRxY
jIQL8QywE1kaZpP5AqNhJxuwOKWPj4dd2q0+9U8qEvP7sazhObsYz8OTDtvW1a9x
TanESxqGf6QrNBvt0Fa+BjKlLfNxeALr92MbKx9qHO4fGXT+BZXq8Rm59yaUSyHi
SxcvdHpjzsYQwfHva7+pM5cCNgeoD+0xRg9zIT+fBWJicOGtv8AWBuFw8JdpaoR6
Wq4LWa7+I4DbowTlGmRH
=8iT4
-----END PGP SIGNATURE-----
--- End Message ---