Re: K1 images - final report?
Alfred a écrit :
> And ? It's a temporary solution that allow user to use an ssh client
> and/or server, which is very usefull. You just have to add a debconf
> warning saying that the entropy source is unsafe, and asking the user
> to pay attention. We don't need more for now, since anyway no Hurd box
> will be used in a critical environement in a near future.
> It is a temporary solution, but it is also the wrong solution. It is
> just as unsafe as copying libc.so to /dev/urandom. A false sense of
> security is worse than no security. If a user needs urandom that
> badly, they can install it on their own.
This prevents ssh & such to work with a simple apt-get, and that's
wrong. If we cannot have strong security, than we tell it, but we do
not suppress mostly-working programs just because of that. Anyway, a
bad entropy generator isn't the main concern before using a GNU/Hurd
box for something "real".
--
Gael Le Mignot "Kilobug" - kilobug@nerim.net - http://kilobug.free.fr
GSM : 06.71.47.18.22 (in France) ICQ UIN : 7299959
Fingerprint : 1F2C 9804 7505 79DF 95E6 7323 B66B F67B 7103 C5DA
Member of HurdFr: http://hurdfr.org - The GNU Hurd: http://hurd.gnu.org
Reply to: