Re: libbsd package

To: debian-bsd@lists.debian.org
Subject: Re: libbsd package
From: Guillem Jover <guillem@debian.org>
Date: Sat, 19 Jul 2008 08:20:45 +0300
Message-id: <[🔎] 20080719052045.GC28125@zulo.hadrons.org>
Mail-followup-to: debian-bsd@lists.debian.org
In-reply-to: <[🔎] 873am7dxep.fsf@mid.deneb.enyo.de>
References: <Pine.BSM.4.64L.0806292125100.30307@herc.mirbsd.org> <20080630191209.GG10329@lilotux.net> <Pine.BSM.4.64L.0806302324010.5390@herc.mirbsd.org> <[🔎] 873am7dxep.fsf@mid.deneb.enyo.de>

Hi Florian,

On Fri, 2008-07-18 at 17:28:30 +0200, Florian Weimer wrote:
> * Thorsten Glaser:
> > Any progress on the libbsd package, now that licence issues are out
> > of the way? IIRC, plans were to get it ready for all arches in lenny?
> 
> We need a thread-safe version of something like arc4random as an element
> for various security patches (which will target etch).  Shall we
> back-port libbsd as a whole, or should we just spin a separate library
> package?

If the stable release team would be fine with introducing a new source
package to stable then I guess the easiest is to just "backport".
I think it most probably should build on etch w/o modifications.

Otherwise from where were you thinking on generating the library
package?

> I'd also see a change that limits the number of bytes which is read from
> /dev/urandom (32 or fewer should be enough).  I'm concerned about
> looping shell scripts darinign entropy from the pool at an unacceptably
> high rate.

I guess that'd be possible, but on what scenario would you see this
happening?

regards,
guillem

Reply to:

References:
- Re: libbsd package
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: Re: libbsd package
Next by Date: is deb-bsd dead?
Previous by thread: Re: libbsd package
Next by thread: inconsistence in subsecond timestamp resolution handling
Index(es):
- Date
- Thread