On 5/10/18 7:30 PM, Michael Biebl wrote: > So we'd shift the waiting for randomness-to-be-available from one > service to another? I don't quite see yet, where the benefit is in that. > What's better if a wait-for-rng-ready binary blocks on getrandom() > instead of the krb5-kdc binary itself? We wouldn't shorten the time we > have to wait this way. Unless the services properly signal readiness (which admittedly they should), you'd at least end up with a situation where you don't start things prematurely. Like if, say, something on the machine depends on krb5-kdc being up, it might be better to wait instead of trying to contact a hanging kdc. But then the time is still better spent to implement sd_notify(READY=1)... (But maybe not in stable?) Kind regards Philipp Kern
Attachment:
signature.asc
Description: OpenPGP digital signature