[Pkg-gnutls-maint] not draining entrophy is a good thing

Anand Kumria wildfire at progsoc.org
Mon Oct 16 18:26:32 UTC 2006


Hi,

I've also stumbled over this problem in the past few days.

The simplest fix, that should stop exim4 from blocking is to make
gnutls-bin a Depend rather than a Suggest. This would make the
re-generation of dh_params less likely to block the system from
continuing.

However that only alleviates the first problem. It would be useful if
the severity of bug#347210 was important.

As noted a by number of other people, a build of exim4 with openssl
does not suffer from entrophy exhaustion so quickly. It is isn't clear
to me why gnutls (via libgcrypt as I understand it) is depleting the
pool so rapidly.

Users can basically exhaust entrophy on my servers just by sending a
large (2MiB) email, which causes them pain because mail (delivery,
submission, etc.) is held up until enough activity has occurred to
generate further entrophy.

Thanks,
Anand



More information about the Pkg-gnutls-maint mailing list