Hi Florian, On Fri, 2008-07-18 at 17:28:30 +0200, Florian Weimer wrote: > * Thorsten Glaser: > > Any progress on the libbsd package, now that licence issues are out > > of the way? IIRC, plans were to get it ready for all arches in lenny? > > We need a thread-safe version of something like arc4random as an element > for various security patches (which will target etch). Shall we > back-port libbsd as a whole, or should we just spin a separate library > package?
If the stable release team would be fine with introducing a new source package to stable then I guess the easiest is to just "backport". I think it most probably should build on etch w/o modifications. Otherwise from where were you thinking on generating the library package? > I'd also see a change that limits the number of bytes which is read from > /dev/urandom (32 or fewer should be enough). I'm concerned about > looping shell scripts darinign entropy from the pool at an unacceptably > high rate. I guess that'd be possible, but on what scenario would you see this happening? regards, guillem -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
