[Pkg-openssl-devel] Bug#363516: explanation needed

Benoît Dejean benoit at placenet.org
Wed May 14 09:11:35 UTC 2008


Hello, I have a few questions because the DSA isn't clear whether the
security problem is caused by the Debian modification or by the fact that
the openssl PRNG is very bad.

Does the whole openssl security rely on uninitialized memory?

If yes, isn't this bloody naive?

Shouldn't openssl use /dev/random or stuff like this to get good entropy?

Does Debian then advise to completely drop openssl because its PRNG is
seeded from uninitialized memory which is not guaranteed to be random?

Thanks.

-- 
Benoît Dejean <benoit at placenet.org>
