Re: libbsd package
* Thorsten Glaser:
> Any progress on the libbsd package, now that licence issues are out
> of the way? IIRC, plans were to get it ready for all arches in lenny?
We need a thread-safe version of something like arc4random as an element
for various security patches (which will target etch). Shall we
back-port libbsd as a whole, or should we just spin a separate library
package?
I'd also see a change that limits the number of bytes which is read from
/dev/urandom (32 or fewer should be enough). I'm concerned about
looping shell scripts darinign entropy from the pool at an unacceptably
high rate.
Reply to: