On 16 September 2019 16:18:00 GMT-07:00, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote: >On Mon, Sep 16, 2019 at 4:11 PM Matthew Garrett <mjg59@xxxxxxxxxxxxx> >wrote: >> >> In one case we have "Systems don't boot, but you can downgrade your >> kernel" and in the other case we have "Your cryptographic keys are >weak >> and you have no way of knowing unless you read dmesg", and I think >> causing boot problems is the better outcome here. > >Or: In one case you have a real and present problem. In the other >case, people are talking hypotheticals. We've been recommending that people use getrandom() for key generation since it was first added to the kernel. Github suggests there are users in the wild - there's almost certainly more cases where internal code depends on the existing semantics. -- Matthew Garrett | mjg59@xxxxxxxxxxxxx
