svn commit: r274739 - head/sys/mips/conf
Adrian Chadd
adrian at freebsd.org
Fri Nov 21 21:57:32 UTC 2014
On 21 November 2014 11:53, Mark R V Murray <mark at grondar.org> wrote:
>
>> On 21 Nov 2014, at 19:41, Ian Lepore <ian at FreeBSD.org> wrote:
>> The arrogance in the way you talk down to me about my right and ability
>> to decide these things is mind-boggling. It's clear you're going to do
>> whatever you want, so I guess I'll just shut up.
>
> I’m sorry for offence; that was unintended.
>
> Was *was* intended was to attempt to engage you in dialogue. You are
> obviously annoyed, but after rather a lot of discussion (2 devsummits,
> 1 EuroBSDCon and a lot of email), some form of consensus was required.
> Unfortunately you are not one of those who could not be accommodated to
> the extent that you desired. We obviously couldn’t make everyone happy.
> Some aspects of the compromise were things *I* really didn’t like.
>
> I think there are ways round your problem, and I’ll be happy to help you
> get there. Please don’t just hold out for one particular solution; be
> flexible.
Unfortunately there are things that the real world expects on these
silly embedded platforms that we can't avoid:
* sshd as a requirement for remote access;
* HTTPS as a requirement for remote access;
* crypto available for WPA/WPA2 key negotiation for wifi access;
and so on.
So, we can't just "not" have random ready early at boot and only use
non-crypto services, because the real world knocked on our door and
said "We don't care about full security at boot; we'll gather entropy
and improve things soon."
So yes, I +1 needing some build option that lets us feed some crappy
random numbers out at startup. I dislike it, but the realities of
these ubiquitous embedded platforms is unfortunate :(
-adrian
More information about the freebsd-arch
mailing list