[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#336651: libapr0: Need to compile --with-devrandom=/dev/urandom

Steve Langasek wrote:

> It is quite likely that it is not a bug at all -- /dev/urandom is *not* a
proper replacement for /dev/random when real entropy is needed, and the
> Debian packages should not sacrifice security casually.

"svnadmin create repos" and other svn commands that need UUIDs don't work entropy isn't available. They hang.

Thus, you've created a security problem (denial of service) by making policy decisions that should be left for the site to make (e.g. what "quality" of randomness do we need from apr?)

GPG Fingerprint: 7E15 362D A32C DFAB E4D2  B37A 735E F10A 2DFC BFF5

Someone will always sell you for 30 pieces of silver.
 -- Andrei Rublev

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: