Re: libbsd package
* Guillem Jover:
> If the stable release team would be fine with introducing a new source
> package to stable then I guess the easiest is to just "backport".
> I think it most probably should build on etch w/o modifications.
> Otherwise from where were you thinking on generating the library
We need non-predictable PRNGs for DNS transaction IDs and perhaps source
ports (if we can't fix the kernel due to politics) in adns, libc6,
Net::DNS, ldns, and in various DNS proxies and probably some other stuff
The OpenSSL license is incompatible with some other licenses used by
Debian and cannot be used in a library. The GNUTLS PRNG drains a lot of
entropy from the pool. Reading /dev/urandom directly might be another
>> I'd also see a change that limits the number of bytes which is read from
>> /dev/urandom (32 or fewer should be enough). I'm concerned about
>> looping shell scripts draining entropy from the pool at an unacceptably
>> high rate.
> I guess that'd be possible, but on what scenario would you see this
Anything that uses DNS in a loop. For instance, with a list of a few
while read url ; do wget $url ; done
completely depletes the kernel randomness pool, causing issues for
applications that read from /dev/random.
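The bounded-read generator discussed in this thread, as an added example that is not libbsd's or any poster's code: it reads 32 bytes from /dev/urandom once, expands them with the ChaCha20 block function (arc4random-style), and hands out 16-bit DNS transaction IDs without touching the pool again. The dns_prng_* names and the read counter returned by dns_txid_burst are assumptions made for the example; a zero seed reproduces the public ChaCha20 zero-key test vector.

```c
/* Added example, not libbsd's code: one 32-byte read of /dev/urandom, expanded with ChaCha20 (arc4random-style). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ROTL(v, n) (((v) << (n)) | ((v) >> (32 - (n))))
#define LD32(p) ((uint32_t)(p)[0] | (uint32_t)(p)[1] << 8 | (uint32_t)(p)[2] << 16 | (uint32_t)(p)[3] << 24)
#define QR(a, b, c, d)                                                \
    a += b; d ^= a; d = ROTL(d, 16); c += d; b ^= c; b = ROTL(b, 12); \
    a += b; d ^= a; d = ROTL(d, 8);  c += d; b ^= c; b = ROTL(b, 7)
/* One 64-byte ChaCha20 keystream block: 32-byte key, 32-bit block counter, 96-bit nonce. */
void chacha20_block(const uint8_t key[32], uint32_t ctr, const uint8_t nonce[12], uint8_t out[64]) {
    uint32_t s[16] = {0x61707865, 0x3320646e, 0x79622d32, 0x6b206574}, x[16];
    for (int i = 0; i < 8; i++) s[4 + i] = LD32(key + 4 * i);
    s[12] = ctr; for (int i = 0; i < 3; i++) s[13 + i] = LD32(nonce + 4 * i);
    memcpy(x, s, sizeof x);
    for (int i = 0; i < 10; i++) {                     /* 10 double rounds = 20 rounds */
        QR(x[0], x[4], x[8], x[12]);  QR(x[1], x[5], x[9], x[13]);
        QR(x[2], x[6], x[10], x[14]); QR(x[3], x[7], x[11], x[15]);
        QR(x[0], x[5], x[10], x[15]); QR(x[1], x[6], x[11], x[12]);
        QR(x[2], x[7], x[8], x[13]);  QR(x[3], x[4], x[9], x[14]);
    }
    for (int i = 0; i < 16; i++)                       /* serialise x + s little-endian */
        for (int j = 0; j < 4; j++) out[4 * i + j] = (uint8_t)((x[i] + s[i]) >> (8 * j));
}
static uint8_t g_key[32], g_buf[64];
static const uint8_t g_nonce[12] = {0};    /* fixed nonce is fine: the key is fresh per seed */
static uint32_t g_ctr; static size_t g_pos = 64; static unsigned g_pool_reads;

/* Seed from caller bytes, or from exactly 32 bytes of /dev/urandom when seed is NULL. */
int dns_prng_seed(const uint8_t *seed) {
    if (seed) { memcpy(g_key, seed, 32); }
    else {                                  /* the only pool read; never inside the ID loop */
        FILE *f = fopen("/dev/urandom", "rb");
        if (!f || fread(g_key, 1, 32, f) != 32) { if (f) fclose(f); return -1; }
        fclose(f); g_pool_reads++;
    }
    g_ctr = 0; g_pos = 64; return 0;        /* reseed before g_ctr wraps (2^32 blocks) */
}

/* Next 16-bit DNS transaction ID: only the keystream counter advances, the pool is untouched. */
uint16_t dns_txid(void) {
    if (g_pos + 2 > 64) { chacha20_block(g_key, g_ctr++, g_nonce, g_buf); g_pos = 0; }
    g_pos += 2;
    return (uint16_t)(g_buf[g_pos - 2] | (uint16_t)g_buf[g_pos - 1] << 8);
}

unsigned dns_txid_burst(size_t n) {         /* the "wget in a loop" case: n fresh IDs */
    while (n-- > 0) (void)dns_txid();
    return g_pool_reads;                    /* how often /dev/urandom was read so far */
}
```

Seeding once and then drawing 100000 IDs leaves the pool read counter at 1, which is the behaviour the 32-byte limit is meant to guarantee.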