
Re: Fixing Linux getrandom() in stable



Hi Russ

On 10.05.2018 at 19:22, Russ Allbery wrote:
> Michael Biebl <biebl@debian.org> writes:
>> On 10.05.2018 at 00:46, Ben Hutchings wrote:
> 
>>> One of the krb5 maintainers (Benjamin Kaduk) favours option 2b, and
>>> also proposed that systemd could provide a wait-for-rng-ready unit to
>>> support this.
> 
>> What exactly would such a wait-for-rng-ready service do and how would it
>> solve this particular problem?
> 
> I may be misunderstanding the nature of the issue, but I believe that a
> Type=oneshot service that runs a small C program that calls getrandom()
> and then exit(0) when it returns would provide a useful facility.
> krb5-kdc could then just declare a dependency on that service and wouldn't
> be started until randomness was available.

So we'd shift the waiting for randomness-to-be-available from one
service to another? I don't quite see yet where the benefit is in that.
What's better if a wait-for-rng-ready binary blocks on getrandom()
instead of the krb5-kdc binary itself? We wouldn't shorten the time we
have to wait this way.



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
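
Added example, not part of the original message or of any project named in the thread: a minimal C version of the "small C program" described in the quoted text, which blocks in getrandom() and exits 0 once it returns. The program name and the function names rng_ready_now() and wait_for_rng() are assumptions made for illustration.

```c
/* wait-for-rng-ready (hypothetical name): exit 0 once the kernel RNG is
 * initialised. Intended to be run from a Type=oneshot unit that services
 * needing early randomness order themselves after (After=/Requires=). */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/random.h>

/* Non-blocking probe: 1 = pool initialised, 0 = not yet, -1 = error. */
int rng_ready_now(void)
{
    unsigned char b;
    for (;;) {
        ssize_t n = getrandom(&b, sizeof b, GRND_NONBLOCK);
        if (n == (ssize_t)sizeof b)
            return 1;
        if (n < 0 && errno == EAGAIN)
            return 0;               /* would block: pool not seeded yet */
        if (n < 0 && errno == EINTR)
            continue;               /* interrupted by a signal: retry */
        return -1;                  /* e.g. ENOSYS on kernels before 3.17 */
    }
}

/* Blocking wait: with flags == 0, getrandom() sleeps until the pool has
 * been initialised. Returns 0 on success, -1 on error. */
int wait_for_rng(void)
{
    unsigned char b;
    for (;;) {
        ssize_t n = getrandom(&b, sizeof b, 0);
        if (n == (ssize_t)sizeof b)
            return 0;
        if (n < 0 && errno == EINTR)
            continue;
        return -1;
    }
}

int main(void)
{
    if (rng_ready_now() == 1)
        return 0;                   /* already seeded, nothing to wait for */
    fprintf(stderr, "wait-for-rng-ready: waiting for kernel RNG\n");
    if (wait_for_rng() != 0) {
        fprintf(stderr, "wait-for-rng-ready: getrandom: %s\n", strerror(errno));
        return 1;
    }
    return 0;
}
```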
