On Wed, 2005-02-16 at 17:05, kfogel@collab.net wrote:
> > This is an interesting point. IMO the ideal solution would be to
> > convince the APR people to fix their library, but if memory serves,
> > the problem is from apr_generate_random_bytes() and only affects
> > Subversion via the getuuid.c file. If you look at the source code,
> > writing a custom replacement for apr_uuid_get() is trivially easy and
> > you could probably improve the implementation.
> Developers, would we want a patch as suggested by Pete Gonzalez above?
> I'm inclined to say "yes", but would like others' thoughts.
The right answer is for APR to rev apr_generate_random_bytes() to take a
flag saying whether PRNG data is okay, and for apr_uuid_get() to say
that PRNG data is okay. (If the system has no /dev/random, the flag
shouldn't have any effect, in my opinion.) I don't see any reason to
address this problem within the Subversion code base, since I think it
wouldn't be as easy.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Feb 16 23:39:06 2005