This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.
Harald Welte laforge at gnumonks.orgHi Max,
On Fri, Oct 06, 2017 at 06:57:03PM +0200, Max wrote:
> However, from application PoV it should not matter anyway: if call to some function
> might fail than we should handle it. There are basically 2 things we can do after
> logging the error:
>
> - terminate the application
>
> - fallback to insecure random numbers
>
> So far we used the latter. If understood the summary of ongoing discussion right,
> than we should opt for former. Shall I make it configurable via application
> vty/config (OsmoBSC/OsmoMSC/OsmoSGSN)?
I think it should be a compile time decision for now, and the default
should be "no fallback". So basically the entire fallback code is
#ifdef'd out unless somebody builds libosmocore with a possibly
dangerous compile option and has a good reason to do so.
If the user does that, there should be a related warning at the end of
the ./configure step, and we should also print runtime WARNING level
messages once we actually start to fallback to insecure rand().
--
- Harald Welte <laforge at gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)