Re: K1 images - final report?
And ? It's a temporary solution that allow user to use an ssh client
and/or server, which is very usefull. You just have to add a debconf
warning saying that the entropy source is unsafe, and asking the user
to pay attention. We don't need more for now, since anyway no Hurd box
will be used in a critical environement in a near future.
It is a temporary solution, but it is also the wrong solution. It is
just as unsafe as copying libc.so to /dev/urandom. A false sense of
security is worse than no security. If a user needs urandom that
badly, they can install it on their own.