Re: ATF tests still failing to complete within 2 hours on amd64

[Thor Lancelot Simon <tls%panix.com@localhost>]

On Sat, Dec 03, 2011 at 11:07:44PM +0100, Michael van Elst wrote:
> 
> I would expect that those parts of the system that use the
> random number generator, no longer work as specified and
> critical parts would warn me or refuse to work at all.

Do you really think most applications will tolerate a system with
major kernel components functionally not present better than a
system that either doesn't run at all (if the RNG really is bad,
and therefore the system always reboots) or immediately
reboots and runs fine (in the case of a false positive)?

Allowing systems to come online missing large parts of functionality,
in my experience anyway, is a great way to defeat even the most
careful planning for application reliability.  I'm really, really
not in favor of it.

> > C) There is exactly one instance of this test that will actually reboot
> >    the system: the very first one at boot.  In which case, if the positive
> >    is a false positive, the system will just come up perfectly normally
> >    a few seconds or a minute later.
> 
> Nah, the random number generator is broken, it won't be unbroken after
> a reboot.

Do you mean to say that the generator is broken so that the probability
of a true positive is high?  To me, that seems like a much more serious
issue than a 0.03% chance that the system will reboot at startup and come
up running fine.

> The point being: 3 out of 10000 is too much.

You say this, but I see no actual rationale for why I should believe it.
Why is the expected value of the outcome you prefer greater than that of
the one I prefer?

Thor