On Thursday, November 03, 2011 4:26 PM, "Peter Samuelson" <peter_at_p12n.org> wrote:
>
> [Jonathan Nieder]
> >     state = apr_random_standard_new(pool);
> >
> >     for (;;) {
> >         while (apr_random_secure_ready(state) == APR_ENOTENOUGHENTROPY) {
> >             apr_generate_random_bytes(buf, sizeof(buf));
> >             apr_random_add_entropy(state, buf, sizeof(buf));
> >         }
> >
> >         apr_random_secure_bytes(state, ret, n);
> >         yield;
> >     }
>
> The problem is that svnserve is often used in 'inetd' mode, one
> connection per process. I've recommended that for years, as being
> easier and less hassle than managing a separate daemon. Given inetd
> mode, your approach will exhaust /dev/random just as fast as the status
> quo.
>
> (Also, and this is minor, those functions didn't exist in apr 0.9, for
> those poor souls still needing to build Subversion on platforms with
> Apache 2.0. I don't _think_ we've ever dropped support for our
> original apr platform, have we?)

Yes, but I'm not sure that means we can't use the above code when we
detect a new APR at build time. I mean, APR_VERSION_AT_LEAST() exists
for a reason.
> --
> Peter Samuelson | org-tld!p12n!peter | http://p12n.org/
>
Received on 2011-11-03 22:35:46 CET