Hi Santiago--

On Wed 2017-01-11 14:36:16 -0500, Santiago Vila wrote:
> On Wed, Jan 11, 2017 at 02:06:21PM -0500, Daniel Kahn Gillmor wrote:
>
>> (b) it's not actually an issue on the debian buildd infrastructure
>
> While I understand the downgrade of this bug in particular, I'm
> worried about this rationale being used over and over again, when it's
> clearly flawed (and not just simply flawed, but seriously flawed).

fwiw, i agree with you fully here, which is why i didn't close the bug,
and kept the severity as high as "important". I didn't mean to imply
that the bug was not valid because it builds on the buildd's -- just
that we have a workaround for now because it builds on the buildd's.

> We can't just rely on specific and accidental features of
> buildd.debian.org to be present in any autobuilder, we can only rely
> on those who are expressed in build-depends.
>
> We don't have a Build-CPU-MHz: control field to ask for a fast
> autobuilder, but we should probably never have such control field.
>
> We don't have a Build-CPU: control field to ask for a multi-core
> autobuilder, but we should probably never have such control field.

These are qualitatively different from "a builder which has system
entropy available in order to run the test suite".

If we believe that no test suites or build processes should need system
entropy at all (not implausible in these days of reproducible builds and
hopefully-deterministic test suites), another approach would be to
symlink /dev/random to /dev/urandom on all buildd's, and then the
builders just get what they get, rather than starving the system of
entropy.

thanks for continuing to push on this stuff. If you have any better
suggestions for resolution, i'd be happy to hear them.

I probably need to open an upstream bug with gnupg about subkey
generation when there is limited system entropy too, but i tend to
actually have system entropy on my own hardware and haven't had the time
to set up a deliberately-starved machine for the test process.

        --dkg