|Subject:||Re: maradns reproducibility fixes and the merits of picking a random number|
|Date:||Tue, 07 Jun 2022 08:11:54 -0400|
|User-agent:||mu4e 1.6.10; emacs 28.1|
The upstream website says: "People like MaraDNS because it’s ...remarkably secure." Since many distributions have the same issue, upstream could perhaps offer the patch as a build switch to enable a build-time seed only when needed.

Sounds like the safest option. Maybe we could change the code that uses that number to raise an exception or abort?

This seems like the best option to me, as well: either add a flag to explicitly enable embedding a constant, or remove the code entirely and replace it with a build failure (or runtime failure, if a build failure is not possible). It seems like a mis-feature to me to embed a constant seed, and invites silent misconfiguration which will lead to security breaches.