From owner-svn-src-all@freebsd.org Tue Sep 3 14:07:48 2019 Return-Path: Delivered-To: svn-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id D6882DD21D; Tue, 3 Sep 2019 14:06:57 +0000 (UTC) (envelope-from yuripv@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 46N8011h6yz4Q4q; Tue, 3 Sep 2019 14:06:57 +0000 (UTC) (envelope-from yuripv@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 1452) id 17AF11AE27; Tue, 3 Sep 2019 14:06:23 +0000 (UTC) X-Original-To: yuripv@localmail.freebsd.org Delivered-To: yuripv@localmail.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [96.47.72.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client CN "mx1.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by freefall.freebsd.org (Postfix) with ESMTPS id D3DA61ED41; Tue, 16 Apr 2019 15:56:35 +0000 (UTC) (envelope-from owner-src-committers@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 291576C251; Tue, 16 Apr 2019 15:56:35 +0000 (UTC) (envelope-from owner-src-committers@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 538) id 129B81ECF2; Tue, 16 Apr 2019 15:56:35 +0000 (UTC) Delivered-To: src-committers@localmail.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client CN "mx1.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by freefall.freebsd.org (Postfix) with ESMTPS id BF86D1ECEE; Tue, 16 Apr 2019 15:56:32 +0000 (UTC) (envelope-from freebsd@gndrsh.dnsmgr.net) Received: from gndrsh.dnsmgr.net (br1.CN84in.dnsmgr.net [69.59.192.140]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7A8786C24B; Tue, 16 Apr 2019 15:56:32 +0000 (UTC) (envelope-from freebsd@gndrsh.dnsmgr.net) Received: from gndrsh.dnsmgr.net (localhost [127.0.0.1]) by gndrsh.dnsmgr.net (8.13.3/8.13.3) with ESMTP id x3GFuT7K095472; Tue, 16 Apr 2019 08:56:29 -0700 (PDT) (envelope-from freebsd@gndrsh.dnsmgr.net) Received: (from freebsd@localhost) by gndrsh.dnsmgr.net (8.13.3/8.13.3/Submit) id x3GFuTvO095471; Tue, 16 Apr 2019 08:56:29 -0700 (PDT) (envelope-from freebsd) From: "Rodney W. Grimes" Message-Id: <201904161556.x3GFuTvO095471@gndrsh.dnsmgr.net> Subject: Re: svn commit: r346250 - in head: share/man/man4 share/man/man9 sys/dev/random sys/kern sys/libkern sys/sys In-Reply-To: To: cem@freebsd.org CC: Warner Losh , src-committers , svn-src-all , svn-src-head Reply-To: rgrimes@freebsd.org X-Mailer: ELM [version 2.4ME+ PL121h (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Precedence: bulk X-Loop: FreeBSD.org Sender: owner-src-committers@freebsd.org X-Rspamd-Queue-Id: 291576C251 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-6.98 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.98)[-0.983,0]; REPLY(-4.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0] Status: O X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Date: Tue, 03 Sep 2019 14:07:48 -0000 X-Original-Date: Tue, 16 Apr 2019 08:56:29 -0700 (PDT) X-List-Received-Date: Tue, 03 Sep 2019 14:07:48 -0000 [ Charset UTF-8 unsupported, converting... ] > Hi Warner, > > On Tue, Apr 16, 2019 at 8:47 AM Warner Losh wrote: > > On Tue, Apr 16, 2019 at 9:16 AM Ian Lepore wrote: > >> Isn't a file full of data which is distributed in identical form to > >> everyone the exact opposite of entropy? > > Ian has the right idea. > > > It's just to bootstrap entropy for installs. The CI stuff doesn't matter if that's the same since the CI images aren't exposed to the internet in any way that would make it matter. The normal install would have the same seeds of entropy, but diverge from there fairly quickly. The stuff that's used early in the install is the don't care sort of things that won't matter in the installer (which then creates it's own entropy that's different for every install). > > I agree that it would be safe, although potentially misleading and > potentially dangerous, to create a fake entropy file for the installer > images. We need to be careful *not* to embed such files in .img files > which are installed by 'dd' directly to a disk or flash or VM, for > example. It would be catastrophic to distribute the same entropy file > to all FreeBSD AWS images. Thank you Conrad, I'll bow out of any discussion now, you clearly have the same concern I do. > Best, > Conrad -- Rod Grimes rgrimes@freebsd.org