Bug#336651: libapr0: Need to compile --with-devrandom=/dev/urandom
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
severity 336651 normal
thanks
On Mon, Oct 31, 2005 at 12:44:06PM -0600, Mark A. Hershberger wrote:
> Package: libapr0
> Version: 2.0.54-5
> Severity: grave
> libapr should be compiled using /dev/urandom so that tools like svn
> can actually function on servers where there is less entropy available.
> http://svn.haxx.se/users/archive-2005-08/0818.shtml
This does not meet the definition of a grave bug. It is quite likely that
it is not a bug at all -- /dev/urandom is *not* a proper replacement for
/dev/random when real entropy is needed, and the Debian packages should not
sacrifice security casually.
- --
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
vorlon@debian.org http://www.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDZwomKN6ufymYLloRAvgJAJ9kgqijeAzXxfsDMsn943EDH8PitACfYHu6
PTfSnhrLbI6XZbHbTTMCQdI=
=jTmr
-----END PGP SIGNATURE-----
Reply to: