Re: deadlock in svnserve

From: John Peacock <jpeacock_at_rowman.com>
Date: 2006-09-18 17:22:47 CEST

Peter Samuelson wrote:
> [John Peacock]
>> I don't know if this would be an acceptable tradeoff, since urandom
>> is not as high a quality pseudo-random stream. It would be
>> worthwhile to add a FAQ entry covering this.
>
> Have you looked at what subversion uses randomness for? UUID creation
> and seeding a challenge/response authentication handshake. These
> things do not require randomness or secrecy, just uniqueness.

That's fine for Subversion. I'm just saying that automatically building
APR (which might be used by other apps) to use /dev/urandom may not be
appropriate without a BIG warning someplace.

People concerned about security will use svn+ssh:// or https://, in
which case they may have the same issue with a lack of randomness on
headless servers. This is why I thought a FAQ entry explaining a little
bit about /dev/random blocking (not true on FreeBSD, BTW) might be better.

John

-- 
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4501 Forbes Boulevard
Suite H
Lanham, MD  20706
301-459-3366 x.5010
fax 301-429-5748
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Mon Sep 18 17:23:10 2006

This message: [ Message body ]
Next message: Garrett Rooney: "Re: [PATCH] svn_ra_dav__get_lock fails through re-writing proxy"
Previous message: Madan U Sreenivasan: "Re: neon 0.26 problem"
In reply to: Peter Samuelson: "Re: deadlock in svnserve"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]