On Mon, Sep 16, 2019 at 04:05:47PM -0700, Linus Torvalds wrote: > On Mon, Sep 16, 2019 at 4:02 PM Matthew Garrett <mjg59@xxxxxxxxxxxxx> wrote: > > Changing the default (even with kernel warnings) seems like > > it risks people generating keys from an unseeded prng, and that seems > > like a bad thing? > > I agree that it's a horrible thing, but the fact that the default 0 > behavior had that "wait for entropy" is what now causes boot problems > for people. In one case we have "Systems don't boot, but you can downgrade your kernel" and in the other case we have "Your cryptographic keys are weak and you have no way of knowing unless you read dmesg", and I think causing boot problems is the better outcome here. -- Matthew Garrett | mjg59@xxxxxxxxxxxxx
