The Debian GNU/Linux project has just endured what is probably its worst week on the security front in the 15 years of its existence following the disclosure on May 13 of a serious vulnerability in the distribution's OpenSSL package.
While this achieved the intended effect, removing the second line also discarded every source of entropy except the process ID, which limited the number of distinct keys the generator could produce to the figure given above.
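To make the consequence concrete, the following is an added toy model, not code from the article, from OpenSSL or from Debian. It assumes Linux's default pid_max of 32768 (so PIDs 1 to 32767) and stands in a SHA-256 hash of the seed material for the real key-generation routine; the victim PID is made up. With the PID as the only input, an attacker can enumerate every possible seed once, derive every key the generator can emit, and match any key seen in the wild against that table. The same seed mixed with real random bytes does not appear in the table.

```python
"""Toy model of the entropy collapse: PID-only seeding versus PID plus real entropy.

Added example, not the article's or OpenSSL's code. Assumptions: Linux default
pid_max of 32768 (PIDs 1..32767); SHA-256 over the seed material stands in for
key generation; the 'victim' PID below is constructed for illustration.
"""
import hashlib
import os
from typing import Dict, Optional

PID_MAX = 32768  # Linux default pid_max (assumption); usable PIDs are 1..PID_MAX-1


def seed_patched(pid: int) -> bytes:
    """Broken behaviour: the only material that reaches the pool is the PID."""
    return pid.to_bytes(4, "little")


def seed_unpatched(pid: int, entropy: bytes) -> bytes:
    """Intended behaviour: the PID is mixed with bytes drawn from the OS entropy source."""
    return pid.to_bytes(4, "little") + entropy


def derive_key(seed: bytes) -> bytes:
    """Stand-in for key generation: a deterministic function of the pool contents.

    The point is not the function itself but that identical pool contents
    always yield an identical key.
    """
    return hashlib.sha256(b"toy-key-derivation" + seed).digest()


def build_blacklist() -> Dict[bytes, int]:
    """Enumerate every key the PID-only generator can produce, indexed for lookup.

    One pass over 32767 seeds is all the precomputation an attacker needs.
    """
    return {derive_key(seed_patched(pid)): pid for pid in range(1, PID_MAX)}


def recover_pid(observed_key: bytes, blacklist: Dict[bytes, int]) -> Optional[int]:
    """Return the PID that produced observed_key, or None if it is not a weak key."""
    return blacklist.get(observed_key)


def demo() -> None:
    blacklist = build_blacklist()
    victim_pid = 12345  # constructed for illustration

    weak_key = derive_key(seed_patched(victim_pid))
    print("distinct weak keys:", len(blacklist))
    print("weak key traced to PID:", recover_pid(weak_key, blacklist))

    # Same PID, but the pool also received 32 bytes of real entropy.
    good_key = derive_key(seed_unpatched(victim_pid, os.urandom(32)))
    print("properly seeded key in blacklist:", recover_pid(good_key, blacklist) is not None)


if __name__ == "__main__":
    demo()
```

The blacklist here has exactly 32767 entries, one per possible PID, which is why a precomputed list of weak key fingerprints is a complete and cheap detection: any key produced by the broken generator is necessarily one of them, and a key with real entropy mixed in is, for all practical purposes, never one of them.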
There are a few things to be noted here. The Debian developer in question, Kurt Roeckx, sent a message to the openssl-dev mailing list on May 1, 2006, titled “Random number generator, uninitialised memory and valgrind”, proposing the change he wanted to make: commenting out the two lines of code. He also mentioned that he had no idea what effect this would have on the random number generator.