> All of this is independent of proper entropy seeding to the PRNG, which is
> what the debian patch crushed and which in turn led to the high seismic
> reading in the blogosphere. But it may help explain why I do *not* want us to
> unilaterally remove the use of uninitialised data in the PRNG. That seems to
> be motivated by a capitulation to the weight of users (or packagers) who
> don't know how to read the FAQ. Perhaps what we should do instead is

I think we should be less worried about how things "seem" and more worried
about the practical consequences.

> change -DPURIFY to -DNO_UNINIT_DATA or something else which has a clearer
> intention, so that debug packages (or even base packages that want to be
> valgrind-friendly) have a straightforward mechanism to apply. Well, a
> straightforward mechanism that doesn't kill the PRNG outright, I mean
> (otherwise there is already a highly-publicised patch we could apply...)

What I was hoping for was a -DNO_UNINIT_DATA that wouldn't be the
default, but wouldn't reduce the keyspace either.

Can someone provide a pointer to this highly-publicized patch?  I'm
afraid I'm dreadfully ignorant of the blogosphere.

-JP
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
