Re: libbsd package
Hi Florian,
On Fri, 2008-07-18 at 17:28:30 +0200, Florian Weimer wrote:
> * Thorsten Glaser:
> > Any progress on the libbsd package, now that licence issues are out
> > of the way? IIRC, plans were to get it ready for all arches in lenny?
>
> We need a thread-safe version of something like arc4random as an element
> for various security patches (which will target etch). Shall we
> back-port libbsd as a whole, or should we just spin a separate library
> package?
If the stable release team would be fine with introducing a new source
package to stable then I guess the easiest is to just "backport".
I think it most probably should build on etch w/o modifications.
Otherwise from where were you thinking on generating the library
package?
> I'd also see a change that limits the number of bytes which is read from
> /dev/urandom (32 or fewer should be enough). I'm concerned about
> looping shell scripts darinign entropy from the pool at an unacceptably
> high rate.
I guess that'd be possible, but on what scenario would you see this
happening?
regards,
guillem
Reply to: