Comment 2 for bug 1895714

Robie Basak (racb) wrote :

Original design principle: https://blog.dustinkirkland.com/2014/02/random-seeds-in-ubuntu-1404-lts-cloud.html

"""
Q: What about SSL compromises, or CA Man-in-the-Middle attacks?
A: We are mitigating that by bundling the public certificates in the client.

    The pollinate package ships the public certificate of entropy.ubuntu.com
        /etc/pollinate/entropy.ubuntu.com.pem
        And curl uses this certificate exclusively by default
    If this really is your concern (and perhaps it should be!)
        Add more URLs to the $POOL variable in /etc/default/pollinate
        Put one of those behind your firewall
        You simply need to ensure that at least one of those is outside of the control of your attackers
"""