cvs commit: src/games/fortune/fortune fortune.c

Greg 'groggy' Lehey grog at FreeBSD.org
Sat Jul 23 23:04:57 GMT 2005 

On Saturday, 23 July 2005 at 13:15:29 -0600, M. Warner Losh wrote:
> In message: <42E29269.4030305 at root.org>
>             Nate Lawson <nate at root.org> writes:
>> Andrey A. Chernov wrote:
>>> ache        2005-07-23 18:24:47 UTC
>>>
>>>   FreeBSD src repository
>>>
>>>   Modified files:
>>>     games/fortune/fortune fortune.c
>>>   Log:
>>>   My change, namely srandomdev() addition, was backed out even without
>>>   discussing with me, and I obviously disagree seeing that afterwards
>>>   (srandomdev() back out not fix any thing, it can only mask the problem).
>>>
>>>   So, back out the back out and return srandomdev().
>>>
>>>   People who have problems with repeated quotes should use -D fortune
>>>   option for debugging to see is the problem in (1) /dev/random initialization
>>>   or in (2) fortune code itself.
>>
>> A bug in initializing /dev/random is a security issue and not one to be
>> taken lightly.  I hope whoever is affected by this puts some effort into
>> debugging it.
>
> Agreed.  Andrey did the right thing here.

Bullshit.  Since when is backing out other people's commits the "right
thing"?

> If we have /dev/random problems, we need to find, fix and destroy
> them,

Agreed.  But he didn't fix the problem; he ignored it and backed out
my commit without agreement.  You will know that I have sent a formal
complaint to the core team.  I hope you will be able to distinguish
between the technical and the procedural issues.

This belongs on the internal lists, of course, and I'd suggest that
any followup go there.  But since you, a core team member, have stated
in public that it's the "right thing" for one committer to back out
another's commit without reaching agreement, I need to protest in
public against your statement.  Please retract it, also in public.

> not kludge around it with 1980's microsecond technology.

I can't see that there's much of a security implication in fortune.
But now it's broken again.  Does that improve our security situation?

Greg
--
The virus once contained in this message has lost interest in life,
shrivelled up and died.  LEMIS anti-virus has given it an appropriate
burial.
For further details see http://www.lemis.com/grog/lemis-virus.html

Finger grog at FreeBSD.org for PGP public key.
See complete headers for address and phone numbers.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/cvs-all/attachments/20050724/18efb8e9/attachment.bin

More information about the cvs-all mailing list