* Guillem Jover:

> If the stable release team would be fine with introducing a new source
> package to stable then I guess the easiest is to just "backport".
> I think it most probably should build on etch w/o modifications.
>
> Otherwise from where were you thinking on generating the library
> package?

We need non-predictable PRNGs for DNS transaction IDs and perhaps source ports (if we can't fix the kernel due to politics) in adns, libc6, Net::DNS, ldns, and in various DNS proxies and probably some other stuff I forgot. The OpenSSL license is incompatible with some other licenses used by Debian and cannot be used in a library. The GNUTLS PRNG drains a lot of entropy from the pool. Reading /dev/urandom directly might be another option, though.

>> I'd also see a change that limits the number of bytes which is read from
>> /dev/urandom (32 or fewer should be enough). I'm concerned about
>> looping shell scripts draining entropy from the pool at an unacceptably
>> high rate.
>
> I guess that'd be possible, but on what scenario would you see this
> happening?

Anything that uses DNS in a loop. For instance, with a list of a few dozen URLs,

    while read url ; do wget $url ; done

completely depletes the kernel randomness pool, causing issues for applications that read from /dev/random.
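The seed-once approach the thread circles around, as an added example rather than code from adns, libc6, ldns or Net::DNS: read at most 32 bytes from /dev/urandom a single time per process, then derive every transaction ID and source port from that seed locally. The HMAC-SHA256 counter-mode expansion and the `DnsIdGenerator` name are my choices, not anything the thread specifies.

```python
import hashlib
import hmac
import struct

SEED_BUDGET = 32  # bytes read from the kernel pool, once: the cap proposed in the thread


class DnsIdGenerator:
    """Seed once from /dev/urandom, then expand locally with HMAC-SHA256.

    Added example, not code from adns, libc6, ldns or Net::DNS. A tight loop
    of DNS queries then costs the kernel pool nothing beyond the seed bytes.
    """

    def __init__(self, seed: bytes, urandom_bytes_read: int = 0):
        if not 16 <= len(seed) <= SEED_BUDGET:
            raise ValueError("seed must be 16..%d bytes" % SEED_BUDGET)
        self._key = seed
        self._counter = 0  # block counter, never reused under one key
        self._buf = b""    # unconsumed output bytes
        self.urandom_bytes_read = urandom_bytes_read  # accounting only

    @classmethod
    def from_urandom(cls, path="/dev/urandom"):
        """The only read from the kernel pool this generator ever makes."""
        with open(path, "rb") as f:
            seed = f.read(SEED_BUDGET)
        return cls(seed, urandom_bytes_read=len(seed))

    def _u16(self) -> int:
        """Next 16-bit value; one HMAC call yields 32 bytes of output."""
        if len(self._buf) < 2:
            msg = struct.pack(">Q", self._counter)
            self._buf += hmac.new(self._key, msg, hashlib.sha256).digest()
            self._counter += 1
        value = struct.unpack(">H", self._buf[:2])[0]
        self._buf = self._buf[2:]
        return value

    def txid(self) -> int:
        """16-bit DNS transaction ID, uniform over 0..65535."""
        return self._u16()

    def source_port(self) -> int:
        """Ephemeral UDP source port, uniform over 1024..65535."""
        while True:  # rejection sampling avoids modulo bias
            port = self._u16()
            if port >= 1024:
                return port
```

`DnsIdGenerator.from_urandom()` is the only place the kernel pool is touched, so `urandom_bytes_read` stays at 32 no matter how many queries the process sends.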