Hi Warner, On Tue, Apr 16, 2019 at 8:47 AM Warner Losh <i...@bsdimp.com> wrote: > On Tue, Apr 16, 2019 at 9:16 AM Ian Lepore <i...@freebsd.org> wrote: >> Isn't a file full of data which is distributed in identical form to >> everyone the exact opposite of entropy?
Ian has the right idea. > It's just to bootstrap entropy for installs. The CI stuff doesn't matter if > that's the same since the CI images aren't exposed to the internet in any way > that would make it matter. The normal install would have the same seeds of > entropy, but diverge from there fairly quickly. The stuff that's used early > in the install is the don't care sort of things that won't matter in the > installer (which then creates it's own entropy that's different for every > install). I agree that it would be safe, although potentially misleading and potentially dangerous, to create a fake entropy file for the installer images. We need to be careful *not* to embed such files in .img files which are installed by 'dd' directly to a disk or flash or VM, for example. It would be catastrophic to distribute the same entropy file to all FreeBSD AWS images. Best, Conrad _______________________________________________ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
