Bug#912087: openssh-server: Slow startup after the upgrade to 7.9p1

Rasmus Villemoes rasmus.villemoes at prevas.dk
Sat Nov 3 22:58:14 GMT 2018


On 2018-10-30 21:51, Theodore Y. Ts'o wrote:
> On Tue, Oct 30, 2018 at 07:37:23PM +0100, Kurt Roeckx wrote:
>>
>> So are you saying that the /var/lib/random/seed is untrusted, and
>> should never be used, and we should always wait for fresh entropy?
>>
[...]
> 
> In any case, if Debian wants to ship a program which reads a seed file
> and uses it to initialize the random pool assuming that it's
> trustworthy via the RNDADDENTROPY ioctl, that's not an insane thing to
> do.  My recommendation would be to make it be configurable, however,
> just as whether we trust RDRAND should be trusted (in isolation) to
> initialize the CRNG.

This thread finally prompted me to look into getting systemd to
optionally credit the seed file, and it seems like that might make it in
in some form:

https://github.com/systemd/systemd/pull/10621

Rasmus
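
The configurable crediting discussed in this message, as an added C example; it is not code from systemd, Debian or the linked pull request. The names `trust_seed`, `seed_to_pool_info` and `load_seed` and the 4096-byte cap are assumptions made for the illustration. A plain write to the random device mixes the seed in without crediting entropy, while the `RNDADDENTROPY` ioctl credits it and requires `CAP_SYS_ADMIN`.

```c
#include <fcntl.h>
#include <linux/random.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* Build the RNDADDENTROPY argument from a seed buffer.
 * credit_bits is clamped to [0, 8*len]; 0 means "claim no entropy".
 * Returns NULL on bad length or allocation failure; caller frees. */
struct rand_pool_info *seed_to_pool_info(const unsigned char *seed, size_t len,
                                         int credit_bits)
{
    if (len == 0 || len > 4096)      /* cap is an assumption of this example */
        return NULL;
    struct rand_pool_info *info = malloc(sizeof(*info) + len);
    if (!info)
        return NULL;
    if (credit_bits < 0)
        credit_bits = 0;
    if ((size_t)credit_bits > len * 8)
        credit_bits = (int)(len * 8);
    info->entropy_count = credit_bits;   /* in bits */
    info->buf_size = (int)len;           /* in bytes */
    memcpy(info->buf, seed, len);
    return info;
}

/* Feed a seed to the kernel via dev (normally /dev/urandom).
 * trust_seed is the hypothetical configuration knob: when 0 the seed is
 * only written (mixed in, not credited); when 1 it is fully credited.
 * Returns 0 on success, -1 on failure. */
int load_seed(const char *dev, const unsigned char *seed, size_t len,
              int trust_seed)
{
    int fd = open(dev, O_WRONLY);
    if (fd < 0)
        return -1;
    int rc = -1;
    if (!trust_seed) {
        rc = write(fd, seed, len) == (ssize_t)len ? 0 : -1;
    } else {
        struct rand_pool_info *info = seed_to_pool_info(seed, len, (int)(len * 8));
        if (info) {
            rc = ioctl(fd, RNDADDENTROPY, info);   /* needs CAP_SYS_ADMIN */
            free(info);
        }
    }
    close(fd);
    return rc;
}
```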

