[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: libbsd package

Hi Florian,

On Fri, 2008-07-18 at 17:28:30 +0200, Florian Weimer wrote:
> * Thorsten Glaser:
> > Any progress on the libbsd package, now that licence issues are out
> > of the way? IIRC, plans were to get it ready for all arches in lenny?
> We need a thread-safe version of something like arc4random as an element
> for various security patches (which will target etch).  Shall we
> back-port libbsd as a whole, or should we just spin a separate library
> package?

If the stable release team would be fine with introducing a new source
package to stable then I guess the easiest is to just "backport".
I think it most probably should build on etch w/o modifications.

Otherwise from where were you thinking on generating the library

> I'd also see a change that limits the number of bytes which is read from
> /dev/urandom (32 or fewer should be enough).  I'm concerned about
> looping shell scripts darinign entropy from the pool at an unacceptably
> high rate.

I guess that'd be possible, but on what scenario would you see this


Reply to: