Date:      Tue, 03 Sep 2019 14:07:49 -0000
From:      Conrad Meyer <cem@freebsd.org>
To:        Warner Losh <imp@bsdimp.com>
Cc:        src-committers <src-committers@freebsd.org>, svn-src-all <svn-src-all@freebsd.org>,  svn-src-head <svn-src-head@freebsd.org>
Subject:   Re: svn commit: r346250 - in head: share/man/man4 share/man/man9 sys/dev/random sys/kern sys/libkern sys/sys
Message-ID:  <CAG6CVpW_Tjz_mPmMPForKAO3gLhES63TtdNyZcg0pTkb3z%2BTRw@mail.gmail.com>
In-Reply-To: <CANCZdfrNsBMqKrnqVzTNVNwCcHj5ZYrKhjss_%2Bp6i=rKqwYFNA@mail.gmail.com>
References:  <201904151840.x3FIeaEQ009242@repo.freebsd.org> <CAPyFy2D9NQQKwVx5MhCfasQ82x7C9s6mj5kXuDE1oogrQeoJ5A@mail.gmail.com> <CAHSQbTAfwYcLenBxg4ZB13P03S%2BTYEM1-xy3BYsSWJ49hBWLZA@mail.gmail.com> <CAG6CVpXwOhSpmCT1SShvEOZAdjbQSk5xSzk%2BLk8c5fMpnhSKQw@mail.gmail.com> <CAG6CVpUqy75_iEU-OwC21LOQFrXTO7rMz3B4iHi7GBTfsqK_5w@mail.gmail.com> <20190416150352.c604a280368ccb2992a861e8@bidouilliste.com> <CANCZdfqwfdPnr3HBAw6=YdPW_0yLsS4OpJMhiqFxWSM6BVJ-Zw@mail.gmail.com> <310a420ee0b9e12249979d89dc4fa0d4cac5a8dc.camel@freebsd.org> <CANCZdfrNsBMqKrnqVzTNVNwCcHj5ZYrKhjss_%2Bp6i=rKqwYFNA@mail.gmail.com>

Hi Warner,

On Tue, Apr 16, 2019 at 8:47 AM Warner Losh <imp@bsdimp.com> wrote:
> On Tue, Apr 16, 2019 at 9:16 AM Ian Lepore <ian@freebsd.org> wrote:
>> Isn't a file full of data which is distributed in identical form to
>> everyone the exact opposite of entropy?

Ian has the right idea.

> It's just to bootstrap entropy for installs. The CI stuff doesn't matter
> if that's the same since the CI images aren't exposed to the internet in
> any way that would make it matter. The normal install would have the same
> seeds of entropy, but diverge from there fairly quickly. The stuff that's
> used early in the install is the don't care sort of things that won't
> matter in the installer (which then creates its own entropy that's
> different for every install).

I agree that it would be safe, although potentially misleading and
potentially dangerous, to create a fake entropy file for the installer
images.  We need to be careful *not* to embed such files in .img files
which are installed by 'dd' directly to a disk or flash or VM, for
example.  It would be catastrophic to distribute the same entropy file
to all FreeBSD AWS images.

Best,
Conrad




