[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Running the test suite faster.

From: C. Michael Pilato <cmpilato_at_collab.net>
Date: 2007-11-02 16:02:39 CET

Justin Erenkrantz wrote:
> On Nov 2, 2007 1:10 AM, Karl Fogel <kfogel@red-bean.com> wrote:
>> By that time I had forgotten about the random-vs-urandom thing,
>> though, so I just assumed my tests were taking longer because we had
>> more tests, or something. Now that I'm specifying /dev/urandom
>> explicitly, things are fast for me again.
>
> I'm much much more curious *why* this affects anything. What is the
> testsuite/Subversion doing that requires crypto-grade random numbers
> at all? Is whatever it is really need crypto-secure random, or is it
> safe to make it insecure? FWIW, APR 1.2+ has an internal PRNG as well
> - we can explicitly ask for insecure random bytes from it. The only
> direct call I can find is part of ra_svn's CRAM implementation - but
> that shouldn't manifest itself via the other ra layers...so what's the
> culprit here? -- justin

Honestly, I've wondered the same. My recollection is that APR doesn't allow
one to say "it's okay to use weak encryption" when generating UUIDs, and I
*think* that UUID generation is the only place we'd be consuming entropy.
We use UUIDs for repository creation (dump/load), for commit generating
commit activity names (DAV), for lock token creation, for .subversion/auth
obfuscation ... other places?

-- 
C. Michael Pilato <cmpilato@collab.net>
CollabNet   <>   www.collab.net   <>   Distributed Development On Demand

Received on Fri Nov 2 16:02:54 2007

This is an archived mail posted to the Subversion Dev mailing list.