On Mon, Nov 09, 2020 at 09:53:50AM -0500, Mouse wrote: > > So: happy to make it more userfriendly, simpler, rephrase messages, > > whatever needed - but we should not end up with insecure installs. > > Lack of good randomness does not quite equal insecure install. Warn > about it, sure, but I think *requiring* randomness is a bad idea. For > example, I've been working with recent NetBSD at work, for something > for which the presence or absence of good random-seed data makes > absolutely no difference to security.
Unfortunately it leads to surprise failures if programs ever use /dev/random. If not seeded, reads from it will block forever. So far we've seen: - Firefox refusing to start - Python having problems And some more things that have been patched not to use /dev/random.
