A real fix for the problem where: import random would result in every call to random() returning the same value in the web interface. While cgi/client.py:Client::__init.py__ was calling random.seed(), on most systems random was SystemRandom and not the default random. As a result the random as you would get from: import random was never being seeded. I added a function to access and seed the random bound instance of random.Random that is called during init. This fixes all three places where I saw the broken randomness. It should also fix: http://psf.upfronthosting.co.za/roundup/meta/issue644 I also removed the prior code that would bail if systemRandom was not available.

--- a/roundup/scripts/roundup_server.py	Sat Jul 07 22:39:16 2018 -0400
+++ b/roundup/scripts/roundup_server.py	Sun Jul 08 11:34:42 2018 -0400
@@ -88,17 +88,7 @@
 
 def auto_ssl():
     print _('WARNING: generating temporary SSL certificate')
-    import OpenSSL
-
-    try: 
-        # Use the cryptographic source of randomness if available
-        from random import SystemRandom
-        random=SystemRandom()
-    except ImportError:
-        raise
-        from random import Random
-        random=Random()
-
+    import OpenSSL, random
     pkey = OpenSSL.crypto.PKey()
     pkey.generate_key(OpenSSL.crypto.TYPE_RSA, 768)
     cert = OpenSSL.crypto.X509()