Message 267671 - Python tracker (original) (raw)

Donald -

With the greatest respect, you're talking about introducing multi-minute delays into the startup times of hundreds of millions of systems, regardless of whether they have a proximate requirement for cryptographically-secure RNG sources. I don't think that's reasonable. My servers start up in about fifteen seconds with this patch applied, or over two minutes without.

Note; it's perfectly possible for getrandom() to block indefinitely - in the trigger case here (systemd's crontab generator), it times out after 90 seconds rather than eventually succeeding. If (for example), a Python script is called before device initialization, it's quite possible that there will never be enough entropy in the system to satisfy getrandom(), resulting in a non-booting system.

To reiterate; the overwhelming majority of applications (in particular, anything which is called after the entropy pool is initialized, which typically happens once networking, USB etc. are running) will use perfectly acceptable random sources. The only applications affected by this patch are those which call getrandom() very early in the boot process.

I feel you're tilting at a very impractical windmill.