On Sat, Jun 08, 2019 at 09:28:43AM +1000, Dr Paul Dale wrote:
> This vote has been closed, it passed 5 votes to 2 with no abstentions.
>
>
> Up for discussion is the text of the next vote. I’m proposing this:
>
> Topic: The OpenSSL 3.0.0 release will include mitigation for the low entropy
> on boot and first boot problems.
> Comment: PR#9084 removed such mitigation due to the negative side effects.
>
>
> I’ll make this formal in a day or so, so if anyone wants to suggest
> alternative wording, that’s the time line. The vote text is the “topic”
> line, the comment is explanatory only.
>
> Note: I’m not mentioning the mechanism used, that still needs to be decided
> on. This is just saying that 3.0.0 *will* have some mechanism.

The only mechanisms I can think of are:
- Do something with /dev/random (use it as source, select on it,
  read a byte from it)
- Check for the presence of some file that we require the init
  system to set up to indicate that /dev/urandom is ready, and
  wait until it exists.
- Don't use /dev/urandom at all

Kurt
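
The first mechanism in the list above (select on /dev/random, then read from /dev/urandom), written out in C as an added example; it is not OpenSSL code or code from this thread, and `wait_readable`, `read_full` and `seed_when_ready` are hypothetical names. It assumes Linux, where /dev/random polls readable only once the kernel has entropy available.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <unistd.h>

/* Returns 1 when `gate` polls readable, 0 on timeout, -1 on error. Nothing is
 * read from the gate, so waiting on it does not drain it. */
static int wait_readable(const char *gate, int timeout_ms)
{
    struct pollfd pfd = { .fd = open(gate, O_RDONLY | O_NONBLOCK), .events = POLLIN };
    int r;

    if (pfd.fd < 0)
        return -1;
    do {                       /* EINTR restarts the wait with the full timeout */
        r = poll(&pfd, 1, timeout_ms);
    } while (r < 0 && errno == EINTR);
    close(pfd.fd);
    if (r <= 0)
        return r;              /* 0 = timed out, -1 = poll() failed */
    return (pfd.revents & POLLIN) ? 1 : -1;
}

/* Reads exactly len bytes; EINTR is retried, EOF or any other error fails. */
static int read_full(const char *source, unsigned char *buf, size_t len)
{
    int fd = open(source, O_RDONLY);
    size_t got = 0;

    if (fd < 0)
        return -1;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n > 0)
            got += (size_t)n;
        else if (n == 0 || errno != EINTR)
            break;
    }
    close(fd);
    return got == len ? 0 : -1;
}

/* 1 = buf filled from source, 0 = gate not ready in time, -1 = error. */
int seed_when_ready(const char *gate, const char *source,
                    unsigned char *buf, size_t len, int timeout_ms)
{
    int r = wait_readable(gate, timeout_ms);
    return r == 1 ? (read_full(source, buf, len) == 0 ? 1 : -1) : r;
}
```

A caller would use `seed_when_ready("/dev/random", "/dev/urandom", seed, sizeof seed, -1)` to block until the gate is ready, or pass a finite timeout and treat a return of 0 as "do not seed yet".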