The next snapshot’s codename has been decided upon angrily today: “wtf
is with all these
Expect a fix for the latter sometime soon, it does in fact have more effect than most sites say, to avoid Panikmache (unlike that Schweinegrippe stuff); I’m lucky my online banking stuff keeps SIDs in the URI ipv Cookie, but still… very bad. Switching renegotiation off as a quick würgaround also is evil, for example, my SMTP setup (using X.509v3 SSL certificate auth for relaying) might break. But we are said to expect an amended SSL/TLS protocol soon, hopefully with OpenSSL patch.
ekeyrng is a very rough draft (shell prototype) currently driving, together with a small USB backport, a Simtec EntropyKey in herc into wrandom(4) (for now). Really, the Lua tools should be used, but this is good for the installer, although the TPM, eKey and truerand – cprng(8) – functionality should be combined into one small, efficient, C dæmon doing so (but without the hacks to keep cprng(8) within one memory page to cease swapping). Still, it’s great!
bsiegert@ will be offline for a week.