On Sun, 16 Jun 2002, Cliff Woolley wrote: > On Sun, 16 Jun 2002 [email protected] wrote: > > > on unix platforms, apr shipped with httpd 2.0.36 asks for truely- > > random number (/dev/random) instead of so-so random number > > (/dev/urandom). question: is it really necessary to require > > /dev/random instead of /dev/urandom? if not, does the following patch > > make sense? > > We already had a big debate about this. We decided it's best not to pick > the least secure option by default, so the patch below (which I already > wrote :), isn't the way to go. Instead, I overhauled that whole system so > you can specify with a ./configure argument which one you want. It will > be part of 2.0.38.
Though of course; RUNtime is what people who use our binary distribution really want (and what 'I' want - just like for the HTTP filtering stuff; as often the dev box you compile things on is not equal to the sub standard boxes you deploy on). Dw
