lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 19 Sep 2019 00:12:54 +0200 From: Willy Tarreau <w@....eu> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: "Alexander E. Patrakov" <patrakov@...il.com>, "Eric W. Biederman" <ebiederm@...ssion.com>, Lennart Poettering <mzxreary@...inter.de>, "Ahmed S. Darwish" <darwish.07@...il.com>, "Theodore Y. Ts'o" <tytso@....edu>, Matthew Garrett <mjg59@...f.ucam.org>, Vito Caputo <vcaputo@...garu.com>, Andreas Dilger <adilger.kernel@...ger.ca>, Jan Kara <jack@...e.cz>, Ray Strode <rstrode@...hat.com>, William Jon McCann <mccann@....edu>, zhangjs <zachary@...shancloud.com>, linux-ext4@...r.kernel.org, lkml <linux-kernel@...r.kernel.org> Subject: Re: Linux 5.3-rc8 On Wed, Sep 18, 2019 at 01:26:39PM -0700, Linus Torvalds wrote: > Of course, even then people will say "I don't trust the platform". But > at some point you just say "you have trust issues" and move on. It's where our extreme configurability can hurt. Sometimes we'd rather avoid providing some of these "I don't trust this or that" options and impose some choices to users: "you need entropy to boot, stop being childish and collect the small entropy where it is, period". I'm not certain the other operating systems not experiencing entropy issues leave as many choices as we do. I can understand how some choices may be problematic in virtual environments but there are so many other attack vectors there that randomness is probably a detail. Willy
Powered by blists - more mailing lists