
Re: fix for no ssh



On 2019-07-10, Andy Smith <andy@strugglers.net> wrote:
> Hi Curt,
>
> On Tue, Jul 09, 2019 at 07:59:53AM +0000, Curt wrote:
>> I think these reserves are relevant and pertinent to the patch
>> itself and should be revealed to the user, whom we cannot assume
>> or expect to follow the technical discussions of the development
>> team, in the release-notes for Buster.
>
> Clearly we disagree about how serious that matter is, and I have a
> problem with your continued reference to dire warnings from 2013
> about something completely different, because it easily confuses.

Maybe I misremember, but I believe I made *one* reference to 2013, which
wasn't really a dire warning, but rather Ts'o expressing relief that he
didn't cave to pressure from INTEL to rely solely on RDRAND, following
an article in the nytimes. Why this is completely orthogonal for you is
anyone's guess, but I will withdraw my reference to 2013, in that case,
as it provides context but isn't required for the purposes of this
discussion.

Above and elsewhere I have mainly and principally referred to the
reserves Ts'o expressed in the patch itself, as well as in the discussion
that bloomed around its proposal.

> But, let's say this use of RDRAND to supply boot-time entropy is as
> serious as you argue. What would be your suggested configuration

I would like Debian to make it clear in the release-notes that there are
security implications to the application of the patch, as expressed by
its author in the patch itself. This seems like a strict minimum for the
"universal operating system" devoted to free software, open standards,
and user choice.

Further, I would like to know whether the patch will be "baked into the
kernel" or whether it can be toggled on and/or off at the *user's*
discretion. I don't remember being clear on this point after reading the
notes (maybe it's there and I missed it).

It wasn't clear to me, either, in the release-notes, the recommended way
forward for those with amd64 cpus lacking the RDRAND instruction (and who
therefore cannot "benefit" from the patch).

> "out of the box" and how would you communicate the issue to the
> user?


> Cheers,
> Andy
>


-- 
"These findings demonstrate that under appropriate conditions the isolated,
intact large mammalian brain possesses an underappreciated capacity for
restoration of microcirculation and molecular and cellular activity after a
prolonged post-mortem interval." From a recent article in *Nature*. Holy shit. 

