On 2021-11-17 at 07:39:08, Junio C Hamano wrote: > "brian m. carlson" <sandals@xxxxxxxxxxxxxxxxxxxx> writes: > > > Finally, add a self-test option here to make sure that our buffer > > handling is correct and we aren't truncating data. We simply read 64 > > KiB and then make sure we've seen each byte. The probability of this > > test failing spuriously is less than 10^-100. > > I saw that 10^-100 math in the other message, and have no problem > with that, but I am not sure how such a test makes "sure that our > buffer handling is correct and we aren't truncating data." If you > thought you are generate 64kiB of random bytes but a bug caused you > to actually use 32kiB of random bytes with 32kiB of other garbage, > wouldn't you still have enough entropy left that you would be likely > to paint all 256 buckets? True, but our code processes smaller chunks at a time, which means that theoretically we'd notice before then. For example, getentropy(2) won't process chunks larger than 256 bytes. If we don't think there's value, I can just remove it. > I also agree with Peff's comment about making these look as if many > of them can be specified at once, when only one of them would > actually be in effect. Giving one Makefile macro that the builder > can set to a single value would be much less confusing. I can use one Makefile macro, sure. I think we'll still need multiple macros for the actual C code because we can't really do a string comparison in the C preprocessor. -- brian m. carlson (he/him or they/them) Toronto, Ontario, CA
Attachment:
signature.asc
Description: PGP signature