On 30-Aug-07, at 10:07 AM, Tony L. Svanstrom wrote:
On Thu, 30 Aug 2007 the voices made Guy Hulbert write:
GH> wtf does this mean - the *purpose* of the discussion is to *fix* a
GH> *unique* transaction ID when the discussion is over it is
*fixed* and
GH> the discussion *documents* the implementation.
I meant undocumented as in it in Transaction.pm currently says
"Generate
unique id" without mentioning that the earlier defined $SALT_HOST
relies on
certain aspects of the ID-generation, without which the $id might
not be unique
in cases where there's more than one instance of qpsmtpd running on
a single
server.
Including PID takes care of that. And you're assuming a broken srand
() too.
Admittedly, there's a very very remote freak possibility that given
two identical hostnames, a rand() with a broken srand(), and those
servers starting at the exact same microsecond time with the exact
same PID, that you MIGHT, just MAYBE, get a duplicate transaction id.
The alternative seems to me the only way to satisfy your security
paranoid mind is to use Data::UUID, which is an extra dependency I
don't want to add in.
Matt.
