>> Lack of good randomness does not quite equal insecure install. Warn
>> about it, sure, but I think *requiring* randomness is a bad idea.
>> For example, I've been working with recent NetBSD at work, for
>> something for which the presence or absence of good random-seed data
>> makes absolutely no difference to security.

> Unfortunately it leads to surprise failures if programs ever use
> /dev/random.
This does not happen for the product in question. There isn't even any
entry "random" in /dev in the shipped filesystem - there are only 50
entries in its /dev.

I recognize that we won't be using sysinst for the shipped filesystem
image anyway. I'm just trying to point out that typical installs needing
$THING is not a good reason to insist on everyone having $THING. (For
whose value of "typical installs", anyway?)

I'm building kernels with neither INET nor INET6 - it doesn't quite work
out of the box for 9.1, but it's close enough that only a few files need
fixing. Last time I tried it, sysinst let me install a system with no IP
address configuration. IMO this should be the same: done by default,
automatically if it's easy, but should be skippable if the user says to
despite the warnings.

In any case, even if the installed system needs a random seed file, that
is not the same thing as sysinst needing to install it.

> So far we've seen:
> - Firefox refusing to start

IMO, bug in Firefox. Hanging during startup when trying to do something
like fetch a user's configured initial page which is stuck behind HTTPS,
that's fine, even expected. Refusing to start? No.

> - Python having problems

Depending on what the "problems" are, I could call this anything from
"expected" to "bug in python".

In any case, even if NetBSD were to ship with firefox and python,
nothing says the user has to use either one; I still don't see these as
justifying sysinst insisting on installing a random seed file.

> And some more things that have been patched not to use /dev/random.

Sure. And if you don't set the timezone, you'll be stuck in UTC. And if
you don't set up a mailer, mail won't work. If you don't set any DNS
servers, things depending on name resolution won't work. I don't see
this as fundamentally any different. Warning, fine. Enforcing, not -
IMO! - fine.

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mo...@rodents-montreal.org
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B