[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#336651: libapr0: Need to compile --with-devrandom=/dev/urandom



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

severity 336651 normal
thanks

On Mon, Oct 31, 2005 at 12:44:06PM -0600, Mark A. Hershberger wrote:
> Package: libapr0
> Version: 2.0.54-5
> Severity: grave

> libapr should be compiled using /dev/urandom so that tools like svn
> can actually function on servers where there is less entropy available.

> http://svn.haxx.se/users/archive-2005-08/0818.shtml

This does not meet the definition of a grave bug.  It is quite likely that
it is not a bug at all -- /dev/urandom is *not* a proper replacement for
/dev/random when real entropy is needed, and the Debian packages should not
sacrifice security casually.

- -- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDZwomKN6ufymYLloRAvgJAJ9kgqijeAzXxfsDMsn943EDH8PitACfYHu6
PTfSnhrLbI6XZbHbTTMCQdI=
=jTmr
-----END PGP SIGNATURE-----



Reply to: