On Thu, May 10, 2018 at 07:30:46PM +0200, Michael Biebl wrote: > > So we'd shift the waiting for randomness-to-be-available from one > service to another? I don't quite see yet, where the benefit is in that. > What's better if a wait-for-rng-ready binary blocks on getrandom() > instead of the krb5-kdc binary itself? We wouldn't shorten the time we > have to wait this way.
Nothing, if krb5-kdc is the only thing doing the waiting. But the presumption was that there would be many things that would need to wait, in which case doing it centrally reduces duplication of effort. -Ben
