Package: ncat Version: 7.92+dfsg2-1+b1 Severity: normal User: [email protected] Usertags: origin-kali
Dear Maintainer, Please consider lowering the priority of ncat below nc.traditional, or remove it completely from the nc alternatives. At the moment, there are 3 alternatives for nc: # update-alternatives --list nc /bin/nc.openbsd /bin/nc.traditional /usr/bin/ncat The alternatives for nc.openbsd and nc.traditional are necessary as they both provide the bin/nc binary, however it's not strictly necessary for ncat, as it comes under the name bin/ncat. And indeed, for a long while ncat was NOT part of the nc alternatives, it was added only in response to bug https://bugs.debian.org/881639, and was released with src:nmap 7.70+dfsg1-2 in April 2018. Quoting the bug above: > The clevis package (ITP #854410) needs a netcat for the dracut > unlocker, and an alpha tester reported the implementations provided > by both -traditional and -openbsd don't fit the needs. I was told > Redhat (where clevis comes from) uses nmap's ncat for nc, and things > work fine then. However, clevis dropped the dependency on ncat a while ago: https://github.com/latchset/clevis/commit/9cdd0415 (Dec 2020). So the reason that prompted this change in ncat is not valid anymore. I think it's still useful to have ncat amongst nc alternatives though. Even though it's not needed for clevis anymore, this bug demonstrated that there can be use-cases for which it's useful to have nc == ncat. If only for compatibility with Redhat. However I think it shouldn't have a higher priority than nc.traditional. I think it should be opt-in, it should replace nc only if users want it to, by running update-alternatives manually. The main reason is that ncat is not a drop-in replacement for nc, it's not 100% compatible, it has a very different output, etc... We have users in Kali Linux who have been beaten by this. They use nc, they also need ncat for the extra options it provides, they install it, and then are very surprised that nc is now ncat. From their background (I'm talking about professional pentesters), nc and ncat are different tools, they really don't expect ncat to replace nc. Therefore I suggest to lower the priority of the ncat alternative to zero, so that upon installation it does NOT replace nc. Thanks, Arnaud
