From: Matthew Garrett
To: Linus Torvalds
Cc: "Theodore Y. Ts'o", Willy Tarreau, Vito Caputo, "Ahmed S. Darwish",
    Lennart Poettering, Andreas Dilger, Jan Kara, Ray Strode,
    William Jon McCann, "Alexander E. Patrakov", zhangjs,
    linux-ext4@vger.kernel.org, lkml
Subject: Re: Linux 5.3-rc8
Date: Tue, 17 Sep 2019 00:11:03 +0100
Message-ID: <20190916231103.bic65ab4ifv7vhio@srcf.ucam.org>

On Mon, Sep 16, 2019 at 04:05:47PM -0700, Linus Torvalds wrote:
> On Mon, Sep 16, 2019 at 4:02 PM Matthew Garrett wrote:
> > Changing the default (even with kernel warnings) seems like
> > it risks people generating keys from an unseeded prng, and that seems
> > like a bad thing?
>
> I agree that it's a horrible thing, but the fact that the default 0
> behavior had that "wait for entropy" is what now causes boot problems
> for people.

In one case we have "Systems don't boot, but you can downgrade your
kernel" and in the other case we have "Your cryptographic keys are weak
and you have no way of knowing unless you read dmesg", and I think
causing boot problems is the better outcome here.

-- 
Matthew Garrett | mjg59@srcf.ucam.org