Original design principle: https://blog.dustinkirkland.com/2014/02
/random-seeds-in-ubuntu-1404-lts-cloud.html
"""
Q: What about SSL compromises, or CA Man-in-the-Middle attacks?
A: We are mitigating that by bundling the public certificates in the client.
The pollinate package ships the public certificate of entropy.ubuntu.com
/etc/pollinate/entropy.ubuntu.com.pem
And curl uses this certificate exclusively by default
If this really is your concern (and perhaps it should be!)
Add more URLs to the $POOL variable in /etc/default/pollinate
Put one of those behind your firewall
You simply need to ensure that at least one of those is outside of the
control of your attackers
"""
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1895714
Title:
Investigate and remove CA pinning
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pollinate/+bug/1895714/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
