On 2019-07-08, Andrei POPESCU <andreimpope...@gmail.com> wrote:
>
> The timing was also not very good for the buster release cycle.
> Hopefully this will be sorted out properly in time for bullseye.

Earlier I thought bullseye was some sort of idiom for Buster going live. Color me ignorant.

But concerning the currently proposed workaround for x86 CPU's (from which I cannot "benefit," apparently), it's edifying to note what Ted himself said about his own patch:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39a8883a2b989d1d21bd8dd99f5557f0c5e89694

random: add a config option to trust the CPU's hwrng

This gives the user building their own kernel (or a Linux distribution) the option of deciding whether or not to trust the CPU's hardware random number generator (e.g., RDRAND for x86 CPU's) as being correctly implemented and not having a back door introduced (perhaps courtesy of a Nation State's law enforcement or intelligence agencies).

This will prevent getrandom(2) from blocking, if there is a willingness to trust the CPU manufacturer.

Signed-off-by: Theodore Ts'o <ty...@mit.edu>

So Debian Buster, as it now stands and I understand it, trusts in the correctness of the hardware random number generator, as well as in the absence of any back door that might compromise it, universally and without qualification, of every Debian Buster user's x86 cpu (default kernel command line CONFIG_RANDOM_TRUST_CPU), in the name of security.

That's a safer solution than installing haveged?

I know, I know, I can use any kernel command line I want. I could switch to another distribution without these problems. I could go fuck myself.

But as an innate altruist (just kidding), I'm wondering whether the regular user is aware of the implications of all this. What about people in Nation States ... Well, you get the idea.

> Kind regards,
> Andrei

--
"These findings demonstrate that under appropriate conditions the isolated, intact large mammalian brain possesses an underappreciated capacity for restoration of microcirculation and molecular and cellular activity after a prolonged post-mortem interval." From a recent article in *Nature*. Holy shit.
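
An added example, not part of the message above and not kernel or Debian code: a shell check of whether a given kernel trusts the CPU's hwrng. It assumes a 4.19-series kernel in which the `random.trust_cpu=` boot parameter (not mentioned in the message) overrides the `CONFIG_RANDOM_TRUST_CPU` build default; the function names and sample inputs are constructed.

```shell
#!/bin/sh
# Added example. effective_trust_cpu is a hypothetical helper name.
# Usage: effective_trust_cpu "<kernel config text>" "<kernel command line>"
# Prints "on" if the kernel trusts the CPU hwrng, otherwise "off".
effective_trust_cpu() {
    config_text=$1
    cmdline_text=$2
    state=off
    # Build-time default chosen by whoever compiled the kernel.
    if printf '%s\n' "$config_text" | grep -q '^CONFIG_RANDOM_TRUST_CPU=y$'; then
        state=on
    fi
    # Assumption: random.trust_cpu= overrides the default, the last occurrence
    # wins, and an unparsable value leaves the state unchanged.
    set -f    # no globbing while splitting the command line into words
    for word in $cmdline_text; do
        case $word in
            random.trust_cpu=[yY1]*|random.trust_cpu=[oO][nN]*) state=on ;;
            random.trust_cpu=[nN0]*|random.trust_cpu=[oO][fF]*) state=off ;;
        esac
    done
    set +f
    printf '%s\n' "$state"
}

# Check the running system; the config path is the usual Debian location.
check_running_kernel() {
    cfg=/boot/config-$(uname -r)
    [ -r "$cfg" ] && [ -r /proc/cmdline ] || { echo "unknown"; return 0; }
    effective_trust_cpu "$(cat "$cfg")" "$(cat /proc/cmdline)"
}

# Constructed sample inputs, so the logic can be exercised offline.
SAMPLE_CONFIG_ON='CONFIG_RANDOM_TRUST_CPU=y'
SAMPLE_CONFIG_OFF='# CONFIG_RANDOM_TRUST_CPU is not set'
SAMPLE_CMDLINE='BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet random.trust_cpu=off'

if [ "${1:-}" = "--live" ]; then
    check_running_kernel
else
    effective_trust_cpu "$SAMPLE_CONFIG_ON" "$SAMPLE_CMDLINE"
fi
```

Run with `--live` to evaluate the booted kernel instead of the constructed samples.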