
Bug#923675: Add related bug #916690 info



Daniel Lange dixit:

> Thorsten Glaser (CC) has produced a prototype early-rng-init-tools (cf.
> https://lists.debian.org/debian-devel/2019/02/msg00327.html) which could be
> extended to try reading entropy off the network when it doesn't have a
> carried-over seed (as in the Debian Installer case).

Sorry, this is deliberately out of scope.

My early-rng-init-tools is exactly for the use case of carrying a random
seed between boots and making it available to the system earlier (as a
stopgap until all bootloaders support passing it to the kernel before
the latter is even run) and *deliberately* does not touch the part where
entropy is collected.

FWIW, downloading entropy can be done (we have this in the MirBSD
installer) but has privacy concerns, so it should perhaps be optional.
This is easily done in d-i components, except for the little fact that
busybox wget in d-i lacks https support.

I’ve built myself a locally patched 'monolith' installer with extra
entropy over the network, but that’s site-dependent.

Also, please don’t assume everyone has amd64. The m68k people will,
among others, thank you ;-)

bye,
//mirabilos
--  
When he found out that the m68k port was in a pretty bad shape, he did
not, like many before him, shrug and move on; instead, he took it upon
himself to start compiling things, just so he could compile his shell.
How's that for dedication. -- Wouter, about my Debian/m68k revival

