"""
Q: What about SSL compromises, or CA Man-in-the-Middle attacks?
A: We are mitigating that by bundling the public certificates in the client.
The pollinate package ships the public certificate of entropy.ubuntu.com /etc/pollinate/entropy.ubuntu.com.pem
And curl uses this certificate exclusively by default
If this really is your concern (and perhaps it should be!)
Add more URLs to the $POOL variable in /etc/default/pollinate
Put one of those behind your firewall
You simply need to ensure that at least one of those is outside of the control of your attackers
"""
Original design principle: https:/ /blog.dustinkir kland.com/ 2014/02/ random- seeds-in- ubuntu- 1404-lts- cloud.html
"""
Q: What about SSL compromises, or CA Man-in-the-Middle attacks?
A: We are mitigating that by bundling the public certificates in the client.
The pollinate package ships the public certificate of entropy.ubuntu.com
/etc/pollinate /entropy. ubuntu. com.pem pollinate
And curl uses this certificate exclusively by default
If this really is your concern (and perhaps it should be!)
Add more URLs to the $POOL variable in /etc/default/
Put one of those behind your firewall
You simply need to ensure that at least one of those is outside of the control of your attackers
"""