VOTE Apply PR#9084 reverting DEVRANDOM_WAIT
kurt at roeckx.be
Sun Jun 9 10:35:52 UTC 2019
On Sat, Jun 08, 2019 at 09:28:43AM +1000, Dr Paul Dale wrote:
> This vote has been closed, it passed 5 votes to 2 with no abstentions.
> Up for discussion is the text of the next vote. I’m proposing this:
> Topic: The OpenSSL 3.0.0 release will include mitigation for the low entropy on boot and first boot problems.
> Comment: PR#9084 removed such mitigation due to the negative side effects.
> I’ll make this formal in a day or so, so if anyone wants to suggest alternative wording, that’s the time line. The vote text is the “topic” line, the comment is explanatory only.
> Note: I’m not mentioning the mechanism used, that still needs to be decided on. This is just saying that 3.0.0 *will* have some mechanism.
The only mechanisms I can think of are:
- Do something with /dev/random (use it as source, select on it,
  read a byte from it)
- Check for the presence of some file that we require the init
  system to set up to indicate that /dev/urandom is ready, and
  wait until it exists.
- Don't use /dev/urandom at all
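
The "select on it" option from the list above, as an added example that is not part of the original message and is not OpenSSL code: select() on /dev/random is used as a readiness gate, then the seed is read from /dev/urandom. The function names, the timeout and the return codes are assumptions made for this sketch.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

/* Returns 1 if fd is readable, 0 on timeout, -1 on error.
 * An EINTR retry restarts the full timeout (kept simple for the example). */
int wait_readable(int fd, int timeout_ms)
{
    fd_set rfds;
    struct timeval tv;
    int r;
    if (fd < 0 || fd >= FD_SETSIZE) return -1;
    do {
        FD_ZERO(&rfds);
        FD_SET(fd, &rfds);
        tv.tv_sec = timeout_ms / 1000;
        tv.tv_usec = (timeout_ms % 1000) * 1000;
        r = select(fd + 1, &rfds, NULL, NULL, &tv);
    } while (r < 0 && errno == EINTR);
    return r < 0 ? -1 : (r > 0);
}

/* Gate on wait_path (normally "/dev/random"), then fill buf from /dev/urandom.
 * Returns 0 on success, -1 on error, -2 if the gate did not open in time,
 * so the caller decides what to do instead of blocking forever. */
int seed_after_wait(const char *wait_path, int timeout_ms,
                    unsigned char *buf, size_t len)
{
    int fd = open(wait_path, O_RDONLY);
    if (fd < 0) return -1;
    int ready = wait_readable(fd, timeout_ms);
    close(fd);
    if (ready <= 0) return ready == 0 ? -2 : -1;
    if ((fd = open("/dev/urandom", O_RDONLY)) < 0) return -1;
    for (size_t got = 0; got < len; ) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) { close(fd); return -1; }
        got += (size_t)n;
    }
    close(fd);
    return 0;
}

int main(void)
{
    unsigned char seed[32];
    printf("result: %d\n", seed_after_wait("/dev/random", 5000, seed, sizeof seed));
    return 0;
}
```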