Date: Sat, 23 Jul 2005 23:39:34 -0700 From: Colin Percival <cperciva@freebsd.org> To: "Andrey A. Chernov" <ache@FreeBSD.org> Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/games/fortune/fortune fortune.c Message-ID: <42E337A6.8060206@freebsd.org> In-Reply-To: <200507231824.j6NIOl6v034122@repoman.freebsd.org> References: <200507231824.j6NIOl6v034122@repoman.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Andrey A. Chernov wrote: > FreeBSD src repository > > Modified files: > games/fortune/fortune fortune.c > Log: > My change, namely srandomdev() addition, was backed out even without > discussing with me, and I obviously disagree seeing that afterwards > (srandomdev() back out not fix any thing, it can only mask the problem). > > So, back out the back out and return srandomdev(). Approved by: security-officer (cperciva) Any change which helps to make a security problem obvious is a good thing, and a commit which (like revision 1.28) simply hides a security problem from users is Not Desired. Colin Percival
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?42E337A6.8060206>