On Wed, 22 Jul 2009, Jonathan Yu wrote: > Incidentally, here is the quilt patch which should fix the issue. It > should also work on older Perls without Perl_seed, so I'll forward > this upstream (while making a simultaneous release in Debian) so > that hopefully it's fixed in the near future.
1) salph ignores huge swaths of entropy which is present in the seed, so I didn't want to use it (and I don't think it's the right thing to do.)[1] You'd certainly need more than one call to the seed to set it reasonably, and if you use salph, you don't need to restrict it to 1..2^30 2) Perl_seed generates a new seed every time you call it. It does not expose the internal state of the random number generator. (Reading its implementation will be instructive.) 3) Using localtime to seed the generator instead of failing (or at least warning) is bad. At the very least, it should use something like: time ^ $$ ^ unpack "%L*", `ps axww | gzip -f` or some other reasonable implementation as well as warning that you're not actually using random data. Don Armstrong 1: The implementation of salph is also rather opaque and may not have uniform distribution for the input that you're passing it, leading to non-unform distribution of random values for repeated calls to the program. [I haven't read the paper it's based on, either...] -- This can't be happening to me. I've got tenure. -- James Hynes _Publish and Perish_ http://www.donarmstrong.com http://rzlab.ucr.edu -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org