| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 11 Dec 2021 09:09:55 +0100
From: Stephan Müller <smueller@...onox.de>
To: Simo Sorce <simo@...hat.com>, Willy Tarreau <w@....eu>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Marcelo Henrique Cerri <marcelo.cerri@...onical.com>,
"Jason A. Donenfeld" <Jason@...c4.com>,
Jeffrey Walton <noloader@...il.com>, Tso Ted <tytso@....edu>,
Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
Nicolai Stange <nstange@...e.de>,
LKML <linux-kernel@...r.kernel.org>,
Arnd Bergmann <arnd@...db.de>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
"Alexander E. Patrakov" <patrakov@...il.com>,
"Ahmed S. Darwish" <darwish.07@...il.com>,
Matthew Garrett <mjg59@...f.ucam.org>,
Vito Caputo <vcaputo@...garu.com>,
Andreas Dilger <adilger.kernel@...ger.ca>,
Jan Kara <jack@...e.cz>, Ray Strode <rstrode@...hat.com>,
William Jon McCann <mccann@....edu>,
zhangjs <zachary@...shancloud.com>,
Andy Lutomirski <luto@...nel.org>,
Florian Weimer <fweimer@...hat.com>,
Lennart Poettering <mzxreary@...inter.de>,
Peter Matthias <matthias.peter@....bund.de>,
Eric Biggers <ebiggers@...nel.org>,
Randy Dunlap <rdunlap@...radead.org>,
Julia Lawall <julia.lawall@...ia.fr>,
Dan Carpenter <dan.carpenter@...cle.com>,
Andy Lavr <andy.lavr@...il.com>,
Petr Tesarik <ptesarik@...e.cz>,
John Haxby <john.haxby@...cle.com>,
Alexander Lobakin <alobakin@...lbox.org>,
Jirka Hladky <jhladky@...hat.com>
Subject: Re: [PATCH v43 01/15] Linux Random Number Generator
Am Samstag, 11. Dezember 2021, 08:06:10 CET schrieb Willy Tarreau:
Hi Willy,
> On Fri, Dec 10, 2021 at 12:02:35PM -0500, Simo Sorce wrote:
> > On Fri, 2021-12-10 at 10:48 +0100, Greg Kroah-Hartman wrote:
> > > Given that there are no patches here to review by anyone, why is this
> > > email thread still persisting?
> >
> > There is a will and a need to "improve" things, but given past absence
> > of feedback, people are trying to understand if there is any point in
> > trying to submit patches. Patches are work, and people like to know
> > they are not wasting their time completely before committing many more
> > hours.
>
> It is obviously natural to think this way, but you can also understand
> that reviewing patches is extremely time consuming. And it's extremely
> difficult to review a patch series which says "replace all that
> infrastructure with a new one", especially when the motivations are
> "comply with this or that standard" without the benefits being obvious
> at all for those having to review those patches.
I am so surprised by such statements. Patch 00/15 lists in a bullet list the
significant benefits of the LRNG. But seemingly nobody reads the introduction
with its concise bullet list or the documentation. The FIPS bits are a tiny
aspect of the whole effort (which even can be completely compiled out based on
config options), the more significant aspects that have nothing to do with
FIPS and benefit all are testability, performance, use of contemporary
cryptography, and flexibility.
> But this does mean that a list of incremental changes/additions has to
> be established on the submitter's side, not a list of replacements.
Before I started the endeavor of the stand-alone patch of the LRNG, I
developed cleanup patches to random.c in 2014 and 2015. I got massively
discouraged to continue working on random.c as I did not get feedback from the
maintainer. Some patches were taken, some were not without a comment...
Ciao
Stephan
Powered by blists - more mailing lists