Michael Biebl <bi...@debian.org>: > On Sat, 15 Dec 2018 09:17:46 +0100 Stefan Fritsch <s...@sfritsch.de> wrote: > > It turns out there was a similar bug against openssh which was closed as > > wontfix [1]. I don't see how apache can do anything about this, either. > > There is. Don't request high-quality randomness during boot unless you > explicitly need it.
Well, this problem is much more widespread (in terms of software that requests entropy needlessly) than you might think. If you override the unit for something as deterministic as systemd-tmpfiles-setup.service to run it under strace and log the result, you'll see numerous calls to getrandom(). This might need a release-note if no other solution appears (like e.g. [imagine a strawman here, I am not serious] making haveged essential and copying it into the initramfs). -- Alexander E. Patrakov
