-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 severity 336651 normal thanks
On Mon, Oct 31, 2005 at 12:44:06PM -0600, Mark A. Hershberger wrote: > Package: libapr0 > Version: 2.0.54-5 > Severity: grave > libapr should be compiled using /dev/urandom so that tools like svn > can actually function on servers where there is less entropy available. > http://svn.haxx.se/users/archive-2005-08/0818.shtml This does not meet the definition of a grave bug. It is quite likely that it is not a bug at all -- /dev/urandom is *not* a proper replacement for /dev/random when real entropy is needed, and the Debian packages should not sacrifice security casually. - -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDZwomKN6ufymYLloRAvgJAJ9kgqijeAzXxfsDMsn943EDH8PitACfYHu6 PTfSnhrLbI6XZbHbTTMCQdI= =jTmr -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
