The problem here isn't about whether or not to add uninitialized memory to the entropy pool. Removing that line was fine. The problem was removing the other line, which is where all entropy (except the PID) was added. The Debian maintainer didn't look at the wider context to see that one of those lines was absolutely necessary, and that the routine it was in just may have been wrongly called with potentially-uninitialized memory once or twice. This reminds me of Linus's argument about debuggers making programmers stupid, making them focus on narrow scope rather than understanding the way the code is supposed to work in context. In this case it was valgrind that made the programmer stupid.
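A toy model of the failure described in the comment above, added here as an illustration and not taken from OpenSSL or the Debian patch: every entropy source passes through one mixing routine, while the PID is folded in on a separate path. The names `pool_add`, `pool_output`, `make_key`, the multiply-xor mixer and the seed values are all assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define ODD 0x100000001b3ULL   /* any odd multiplier; toy mixer, not a CSPRNG */

typedef struct { uint64_t state; int mix_enabled; } pool_t;

/* The one routine every entropy source goes through (hypothetical). */
static void pool_add(pool_t *p, uint64_t word) {
    if (!p->mix_enabled)
        return;                            /* models the removed line */
    p->state = (p->state ^ word) * ODD;
}

/* The PID is folded in on a separate path, so it survives the change. */
static uint64_t pool_output(const pool_t *p, uint32_t pid) {
    return (p->state ^ pid) * ODD;
}

uint64_t make_key(int mix_enabled, uint64_t os_seed, uint32_t pid) {
    pool_t p = { 0xcbf29ce484222325ULL, mix_enabled };
    pool_add(&p, os_seed);                 /* stands in for real entropy input */
    return pool_output(&p, pid);
}

static int cmp_u64(const void *a, const void *b) {
    uint64_t x = *(const uint64_t *)a, y = *(const uint64_t *)b;
    return (x > y) - (x < y);
}

/* Distinct keys over n_seeds constructed seeds x n_pids PIDs. */
size_t count_distinct(int mix_enabled, unsigned n_seeds, unsigned n_pids) {
    size_t n = (size_t)n_seeds * n_pids, distinct = 0;
    uint64_t *keys = malloc(n * sizeof *keys);
    if (!keys) return 0;
    for (unsigned s = 0; s < n_seeds; s++)
        for (unsigned pid = 0; pid < n_pids; pid++)
            keys[(size_t)s * n_pids + pid] = make_key(mix_enabled, s, pid);
    qsort(keys, n, sizeof *keys, cmp_u64);
    for (size_t i = 0; i < n; i++)
        if (i == 0 || keys[i] != keys[i - 1]) distinct++;
    free(keys);
    return distinct;
}

int main(void) {
    printf("mixing intact : %zu distinct keys\n", count_distinct(1, 64, 32));
    printf("mixing removed: %zu distinct keys\n", count_distinct(0, 64, 32));
    return 0;
}
```

With the mixing line disabled, the number of distinct keys equals the number of PIDs no matter how many different seeds are supplied, which makes a useful regression check for any change that touches a shared entropy-mixing routine.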
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds