The warnings are printed because dcc-common.postinst uses /bin/sh as shell, which is dash in Feisty and not bash.
Bash understands option "-n" for the read command, while dash doesn't. Because of the failing read, /dev/urandom is not used as random source, but instead the 'ps ax' output is used; therefore the warning about the potentially insecure password. Suggestion to fix this: Instead of testing the readability of /dev/urandom in line 6 of dcc-common.postinst with if ! read -n 0 < $RANDOMDEVICE ; then which tries to read zero characters, one could use the readability test if [ ! -r "$RANDOMDEVICE" ]; then Maybe the security of the generated passwords can be discussed anyway, because the output of /dev/urandom or "ps ax" is piped through 'cksum' later on which will produce predictable output (the last 4 characters will be 'x120' usually for /dev/urandom input). This is not a great issue because the leading checksum is about 9 or 10 characters and probably as unpredictable as the used random source. An alternative to generate the passwords by some script mimic would be to depend on the package pwgen and use e.g. "`pwgen -cns 10`" in lines 34/35 of dcc-common.postinst. -- Warnings (read/password) during installation of dcc-common https://bugs.launchpad.net/bugs/119808 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
