On Tue, May 12, 2020 at 11:18:02AM -0400, Terry Moore wrote:
> A useful definition requires that third-party code will not have surprising
> security defects compared to their operation on other operating systems.
There are other concerns for whether third party code works well.. I'll just copy what I said on IRC.

<nia> we really have two modes of operation now, never blocking with ('good') HWRNG, and blocking forever on first boot without HWRNG, but never blocking otherwise (providing there's a seed file on-disk)
<nia> applications that do getrandom(0) are either gonna work just as if they'd used kern.arandom, or never work until the sysadmin does some bull**** intervention (write a byte to /dev/random)
<Riastradh> That's why if we provide the name getentropy I think implementing it as may-block would run counter to general expectations...
<nia> right, other kernels that block include way more samples as valid entropy than NetBSD does
<nia> from what you've said their criteria for unblocking might be completely borked

But, it's time for core@ to be locked in a room until a decision is reached...