On Mon, Nov 09, 2020 at 11:03:31AM +0000, nia wrote: > On Mon, Nov 09, 2020 at 11:18:31AM +0100, Martin Husemann wrote: > > On Mon, Nov 09, 2020 at 10:10:56AM +0000, nia wrote: > > > fwiw, i think the default options should be as close to Just Work as > > > possible. > > > > > > i have installed NetBSD irl with people who have only a little bit of unix > > > knowledge, and watched them wince every time something doesn't go as > > > planned. > > > often this is on older, spare hardware, that's just to play with the OS > > > on, > > > so it is likely to not have >2015 CPU features (RDRAND). > > > > I totaly agree with both of this, but "just work" is not a clear target, > > especially when a simple step makes a difference in security (whether > > manually typing in random things *does* make a difference is probably > > for another debate). > > > > The description pointing at copying output from another machine is just > > an option (and it actually helps a lot when you do installs via serial > > console or similar). > > > > So: happy to make it more userfriendly, simpler, rephrase messages, > > whatever needed - but we should not end up with insecure installs. > > > > Martin > > Requiring users to type in data is just going to result in a lot of > users mashing the keyboard to get an install to work, is all I'm saying.
...which is actually a completely reasonable method. Heck, it's how people have been using PGP for decades. Joerg
