On Sun, 16 Jun 2002 [email protected] wrote: > on unix platforms, apr shipped with httpd 2.0.36 asks for truely- > random number (/dev/random) instead of so-so random number > (/dev/urandom). question: is it really necessary to require > /dev/random instead of /dev/urandom? if not, does the following patch > make sense?
We already had a big debate about this. We decided it's best not to pick the least secure option by default, so the patch below (which I already wrote :), isn't the way to go. Instead, I overhauled that whole system so you can specify with a ./configure argument which one you want. It will be part of 2.0.38. --Cliff
