On Tue, Jun 20, 2017 at 11:36 AM, Theodore Ts'o <tytso@xxxxxxx> wrote: >> But I think there's another camp that would mutiny in the face of this >> kind of hubris. > > Blocking the boot for hours and hours until we have enough entropy to > initialize the CRNG is ***not*** an acceptable way of making the > warning messages go away. Do that and the users **will** mutiny. > > It's this sort of attitude which is why Linus has in the past said > that security people are sometimes insane.... Uh, talk about a totally unnecessary punch... In case my last email wasn't clear, I fully recognize that `default y` is a tad too extreme, which is why from one of the earliest revisions in this series, I moved directly to the compromise solution (`depends DEBUG_KERNEL`) without even waiting for people to complain first.