On Mon, Dec 16, 2002 at 10:26:54AM +0100, Gal Le Mignot wrote:
> Alfred a �crit :
>
> > Why don't just add urandom server to the official base system?
> > Because there is no good entropy source.
>
> And ? It's a temporary solution that allow user to use an ssh client
> and/or server, which is very usefull. You just have to add a debconf
> warning saying that the entropy source is unsafe, and asking the user
> to pay attention. We don't need more for now, since anyway no Hurd box
> will be used in a critical environement in a near future.
That kind of thinking is fairly dangerous.
a) Debconf is not a billboard. Doing this is a hack.
b) It will become a low priority task to remove a poor entropy
source once things "just work." Better to make everyone realise
that something is wrong, and perhaps motivate someone to fix it.
Simon
