Am Mittwoch, 3. Dezember 2014, 12:36:33 schrieb Jérémie Courrèges-Anglas: > Hi, > > Giuseppe Scrivano <gscriv...@gnu.org> writes: > > [...] > > > we should also hide --rand-egd from wget --help and do not accept this > > option when HAVE_RAND_EGD is not set. > > I thought about that and took the lazy approach: the option is still > available even if gnutls is used, even though it's a nop. Why then > change the interface if libressl is used instead of openssl/gnutls? > > Or maybe this was merely overlooked and openssl should really be > a special case here, dunno.
IMHO, we should accept --rand-egd to not introduce regressions. But instead of silently ignoring the users demand, we should print a warning about the LibreSSL/RAND_egd() issue. Maybe saying, that a modern /dev/random is more secure than the EGD ? It would not be nice if someone loses security without being warned. > Or... another alternative would be to get rid of RAND_egd altogether, > with --egd-file staying for compat for a few releases. :) The question here is, where and in which way is EGD still useful !? Maybe it is already obsolete on very most systems ? We should keep this in mind for 1.17+. Tim
signature.asc
Description: This is a digitally signed message part.