Re: [PATCH] libressl: add dummy egd functions
Ted Unangst tedu at tedunangst.com writes:

> Any system that actually uses egd is so hopelessly broken you are better off just turning around and walking away. No software in 2014 should be using egd; no software in 2014 should support using egd by accident.

This is wrong. The egd protocol is acceptable for getting random bytes from a device not directly talked to by the kernel, such as the Simtec entropyKey (either directly or via network), to applications in cases where it is not possible to add these bytes to the kernel pool (rare but possible, especially in hosted scenarios). Of course the data from egd should only ever be used mixed with kernel-provided entropy…

bye,
//mirabilos
Re: [PATCH] libressl: add dummy egd functions
> I didn't know what egd was up until today, but reading what it is I completely understand that consideration. However, this breaks a number of packages (wget, python, ruby).
>
> There's probably a simple solution: Just add dummy functions that always return -1 (which according to the docs means egd not available). This is also what openssl did on archs that had no egd.

This is not the right way to fix this. The right way is to talk to your package maintainers and ask them to configure this software without egd support.
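For readers who, like Hanno, had not met egd before: the following is an added example (not code from this thread, from LibreSSL or from OpenSSL) showing what the egd protocol discussed above actually looks like on the wire, how a client should mix the bytes it gets with kernel-provided entropy as mirabilos insists, and what the "dummy function returning -1" proposal amounts to. The socket path /var/run/egd-pool and the stub's name are assumptions made for the example; the command bytes and reply framing are those spoken by the egd daemon and by OpenSSL's RAND_egd() client.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>

/*
 * EGD wire protocol (as spoken by egd.pl and OpenSSL's RAND_egd()):
 *   0x00      -> reply: 4-byte big-endian count of available entropy bits
 *   0x01 <n>  -> non-blocking read: reply is 1-byte count c (0..n), then c bytes
 *   0x02 <n>  -> blocking read: reply is exactly n bytes
 * Socket path below is an assumption (the classic default), not a fact from the thread.
 */
#define EGD_SOCKET_PATH "/var/run/egd-pool"
enum { EGD_CMD_READ_NONBLOCK = 0x01 };

/* Build a non-blocking read request: [0x01, n]. Returns 2, or -1 when
 * `want` does not fit the protocol's single length byte. */
int egd_encode_read_nonblock(uint8_t req[2], size_t want)
{
    if (want == 0 || want > 255)
        return -1;
    req[0] = EGD_CMD_READ_NONBLOCK;
    req[1] = (uint8_t)want;
    return 2;
}

/* Parse a non-blocking read reply into `out`. Returns the byte count the
 * daemon delivered, or -1 if the reply is truncated (count byte promises
 * more than was sent) or would overflow `out`. Never pads a short reply. */
int egd_parse_read_nonblock(const uint8_t *resp, size_t resp_len,
                            uint8_t *out, size_t out_cap)
{
    if (resp_len < 1)
        return -1;
    size_t n = resp[0];
    if (n > out_cap || resp_len < 1 + n)
        return -1;
    memcpy(out, resp + 1, n);
    return (int)n;
}

/* Mix EGD bytes into `buf`, which must already hold kernel-provided entropy.
 * XOR keeps the output uniform as long as the kernel bytes are uniform, so a
 * broken or hostile EGD can neither help nor hurt. Returns the number of EGD
 * bytes mixed in; on a malformed reply returns 0 and leaves `buf` untouched. */
size_t egd_mix_into(uint8_t *buf, size_t n, const uint8_t *resp, size_t resp_len)
{
    uint8_t egd[255];
    int got = egd_parse_read_nonblock(resp, resp_len, egd, sizeof egd);
    if (got < 0)
        return 0;
    size_t m = (size_t)got < n ? (size_t)got : n;
    for (size_t i = 0; i < m; i++)
        buf[i] ^= egd[i];
    return m;
}

/* The "dummy egd function" of the patch title: OpenSSL's RAND_egd() contract
 * is -1 for "no EGD available", so a stub returns that unconditionally.
 * Example stub with an assumed name; not LibreSSL's code. */
int egd_dummy_RAND_egd(const char *path)
{
    (void)path;
    return -1;
}

int main(void)
{
    uint8_t buf[32];
    /* Kernel entropy first: it is the only source this program relies on. */
    FILE *ur = fopen("/dev/urandom", "rb");
    if (ur == NULL || fread(buf, 1, sizeof buf, ur) != sizeof buf) {
        fprintf(stderr, "no kernel entropy; refusing to continue\n");
        return 1;
    }
    fclose(ur);

    /* Then, optionally, EGD bytes XORed in. Any failure leaves buf as is. */
    size_t mixed = 0;
    struct sockaddr_un sa;
    memset(&sa, 0, sizeof sa);
    sa.sun_family = AF_UNIX;
    strncpy(sa.sun_path, EGD_SOCKET_PATH, sizeof sa.sun_path - 1);
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd >= 0 && connect(fd, (struct sockaddr *)&sa, sizeof sa) == 0) {
        uint8_t req[2], resp[256];
        int rl = egd_encode_read_nonblock(req, sizeof buf);
        if (rl > 0 && write(fd, req, (size_t)rl) == rl) {
            ssize_t got = read(fd, resp, sizeof resp);
            if (got > 0)
                mixed = egd_mix_into(buf, sizeof buf, resp, (size_t)got);
        }
    }
    if (fd >= 0)
        close(fd);
    printf("%zu kernel bytes, %zu EGD bytes mixed in\n", sizeof buf, mixed);
    return 0;
}
```

The point of the ordering in main() is the one mirabilos makes: the kernel bytes are mandatory and the EGD bytes are an optional extra, so a missing socket, a truncated reply or a daemon that hands back zero bytes all degrade to "kernel entropy only" rather than to a weak or empty buffer. A library whose egd binding returns -1 (the stub) simply never reaches the mixing step.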
Re: [PATCH] libressl: add dummy egd functions
On 2014/07/12 01:13, Hanno Böck wrote:

> I didn't know what egd was up until today, but reading what it is I completely understand that consideration. However, this breaks a number of packages (wget, python, ruby).
>
> There's probably a simple solution: Just add dummy functions that always return -1 (which according to the docs means egd not available). This is also what openssl did on archs that had no egd.

If I remember correctly from m2k14 that was decided against.

If you want a heads-up on some others that need to cope with this, the list also includes:

dcmtk
heimdal
imapproxy
ircd-hybrid
ircd-ratbox
links+, links, elinks
Net::SSLeay
opencm
php
py-openssl
retawq
s-nail
socat
stunnel
xmlsec
Re: [PATCH] libressl: add dummy egd functions
On Sat, Jul 12, 2014 at 01:13, Hanno Böck wrote:

> I didn't know what egd was up until today, but reading what it is I completely understand that consideration. However, this breaks a number of packages (wget, python, ruby).

Those packages would all be better off without egd support. In the case of python and ruby I think it's pretty clearly a case of somebody just going through the header and binding to every function there is, without considering utility.

Any system that actually uses egd is so hopelessly broken you are better off just turning around and walking away. No software in 2014 should be using egd; no software in 2014 should support using egd by accident.