On Jul 21, 2014, at 7:31 AM, Steven Chamberlain <ste...@pyro.eu.org> wrote:
> Hi Brent, > > Thank you very much for your input here. > > On 21/07/14 13:10, Brent Cook wrote: >> Also, please do not replace arc4random in libressl. We'll have to figure >> out what to do about the circular dependency with openssh > > OK, let's see what the OpenSSH Portable team comes up with... > > Having embedded copies of arc4random.c in different packages though > (libressl, openssh, libevent, libbsd) is not great. It would be nice to > someday package it into a re-usable library for all of Debian to use, > and for ensuring it always stays up-to-date with upstream. > > (The one in LibreSSL Portable is currently the most up-to-date; I > realise other/older versions of it are unsafe for some use cases). > >> replacing >> with the version from libbsd is really not the way to go at the moment > > Agreed, there are serious problems with the arc4random in libbsd at the > moment (I'm looking at our options to fix this). But if we could > someday split out arc4random, then libbsd would seem like a good place > to put it. OK. Someone, whom I think is a libbsd maintainer, expressed interest in updating libbsd as well: https://github.com/busterb/libressl/issues/5 In the short term, we are doing some refactoring to make arc4random even more portable in LibreSSL, and will be adding support for the new Linux getrandom syscall if/when it lands as well. I wonder if libc integration would be the best integration path, since not everything that integrates arc4random/arc4random_buf uses an external library to provide that functionality. Take libevent2, which also embeds its own implementation if the system does not have it. If there was a secure arc4random implementation that all apps could use on Linux without any special libraries, that would kill a few birds with one stone. > Regards, > -- > Steven Chamberlain > ste...@pyro.eu.org -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/8acceb34-6f8f-43f5-afc3-3ee9b2f13...@gmail.com
