Hi Warner, On Tue, Apr 16, 2019 at 8:47 AM Warner Losh <[email protected]> wrote: > On Tue, Apr 16, 2019 at 9:16 AM Ian Lepore <[email protected]> wrote: >> Isn't a file full of data which is distributed in identical form to >> everyone the exact opposite of entropy?
Ian has the right idea. > It's just to bootstrap entropy for installs. The CI stuff doesn't matter if > that's the same since the CI images aren't exposed to the internet in any way > that would make it matter. The normal install would have the same seeds of > entropy, but diverge from there fairly quickly. The stuff that's used early > in the install is the don't care sort of things that won't matter in the > installer (which then creates it's own entropy that's different for every > install). I agree that it would be safe, although potentially misleading and potentially dangerous, to create a fake entropy file for the installer images. We need to be careful *not* to embed such files in .img files which are installed by 'dd' directly to a disk or flash or VM, for example. It would be catastrophic to distribute the same entropy file to all FreeBSD AWS images. Best, Conrad _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "[email protected]"
