Hello all, I'm forwarding my questions and thoughts about this patch.
Le 2023-01-04 à 11 h 39, Shengjing Zhu a écrit :
So Just make evutil_secure_rng_add_bytes noop with glibc's implemtation of arc4random. Please see following patch.
In the libevent repo, azat mentions that nooping evutil_secure_rng_add_bytes is not a good thing to do [1]
but on the other hand, other implementation have applied this kind of patch, like oracle mentioned above.
I'm not pretending I know more, but I'd like to make sure this patch won't silently remove a core functionality in some packages, leading to random number generator being less random.
Also, the libevent transition with glibc made by ubuntu in october went fine apparently, just a couple of build had an error [2]
Again, I'm not trying to force one solution or another, but I question what solution is the best considering the little time we have until freeze.
/Nicolas [1] https://github.com/libevent/libevent/issues/615#issuecomment-421182890 [2] https://bugs.launchpad.net/ubuntu/+source/libevent/+bug/1990941
