Cory Benfield <cory <at> lukasa.co.uk> writes:
> python-dev cannot wash its hands of the security decision here. As I’ve said many times, I’m pleased to see the decision makers have not done that: while I don’t agree with their decision, I totally respect that it was theirs to make, and they made it with all of the facts.
I think the sysadmin's responsibility still plays a major role here. If a Linux system crucially relies on the quality of /dev/urandom, it should be possible to insert a small C program (call it ensure_random) into the boot sequence that does *exactly* what Python did in the bug report: block until entropy is available.

Well, it *was* possible with SysVinit ... :)

Python is not the only application that needs a secure /dev/urandom.

Stefan Krah
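A sketch of the `ensure_random` boot-time helper the message above describes, added here as an example and not code from the post or from CPython. It assumes Linux with getrandom(2) exposed through `<sys/random.h>`; the function names `entropy_ready`, `wait_dev_random` and `wait_for_entropy` are hypothetical.

```c
/* ensure_random.c - added example: exit 0 once the kernel CSPRNG is seeded. */
#include <errno.h>
#include <fcntl.h>
#include <sys/random.h>   /* getrandom(2): Linux >= 3.17, glibc >= 2.25 */
#include <unistd.h>

/* Non-blocking probe: 1 = pool initialized, 0 = not yet, -1 = error. */
int entropy_ready(void) {
    unsigned char b;
    if (getrandom(&b, 1, GRND_NONBLOCK) == 1)
        return 1;
    return errno == EAGAIN ? 0 : -1;
}

/* Fallback for kernels without getrandom(2): a blocking read of
 * /dev/random returns only when the kernel has entropy to hand out. */
static int wait_dev_random(void) {
    unsigned char b;
    ssize_t n;
    int fd = open("/dev/random", O_RDONLY);
    if (fd < 0)
        return -1;
    do {
        n = read(fd, &b, 1);
    } while (n < 0 && errno == EINTR);
    close(fd);
    return n == 1 ? 0 : -1;
}

/* Block until the pool behind /dev/urandom is initialized; 0 on success. */
int wait_for_entropy(void) {
    unsigned char b;
    for (;;) {
        if (getrandom(&b, 1, 0) == 1)   /* flags 0: blocks until seeded */
            return 0;
        if (errno == EINTR)
            continue;                   /* interrupted by a signal: retry */
        if (errno == ENOSYS)
            return wait_dev_random();   /* syscall missing on this kernel */
        return -1;
    }
}

int main(void) {
    return wait_for_entropy() == 0 ? 0 : 1;
}
```

Run early in the boot sequence, the helper holds up whatever is ordered after it until the pool is seeded, so later readers of /dev/urandom do not see pre-initialization output.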