| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190918221254.GA30471@1wt.eu>
Date: Thu, 19 Sep 2019 00:12:54 +0200
From: Willy Tarreau <w@....eu>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: "Alexander E. Patrakov" <patrakov@...il.com>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Lennart Poettering <mzxreary@...inter.de>,
"Ahmed S. Darwish" <darwish.07@...il.com>,
"Theodore Y. Ts'o" <tytso@....edu>,
Matthew Garrett <mjg59@...f.ucam.org>,
Vito Caputo <vcaputo@...garu.com>,
Andreas Dilger <adilger.kernel@...ger.ca>,
Jan Kara <jack@...e.cz>, Ray Strode <rstrode@...hat.com>,
William Jon McCann <mccann@....edu>,
zhangjs <zachary@...shancloud.com>, linux-ext4@...r.kernel.org,
lkml <linux-kernel@...r.kernel.org>
Subject: Re: Linux 5.3-rc8
On Wed, Sep 18, 2019 at 01:26:39PM -0700, Linus Torvalds wrote:
> Of course, even then people will say "I don't trust the platform". But
> at some point you just say "you have trust issues" and move on.
It's where our extreme configurability can hurt. Sometimes we'd rather
avoid providing some of these "I don't trust this or that" options and
impose some choices to users: "you need entropy to boot, stop being
childish and collect the small entropy where it is, period". I'm not
certain the other operating systems not experiencing entropy issues
leave as many choices as we do. I can understand how some choices may
be problematic in virtual environments but there are so many other
attack vectors there that randomness is probably a detail.
Willy
Powered by blists - more mailing lists