Re: Waiting for Randot (or: nia and maya were right and I was wrong)

To: Taylor R Campbell <campbell%mumble.net@localhost>
Subject: Re: Waiting for Randot (or: nia and maya were right and I was wrong)
From: Martin Husemann <martin%duskware.de@localhost>
Date: Fri, 15 Jan 2021 11:21:21 +0100

On Fri, Jan 15, 2021 at 12:12:05AM +0000, Taylor R Campbell wrote:
> > On Mon, Jan 11, 2021 at 01:25:36AM +0000, Taylor R Campbell wrote:
> > > We might also do something similar with the motd -- add a single line,
> > > citing entropy(7) for more details, if there's not enough entropy.
> > 
> > Please don't - that is one of the least usefull places to put such a
> > note.
> 
> Can you expand on why?

The user reading it there is often not the admin who is able to deal with
the situation (and fix it). Many ways of accessing a system do not
display /etc/motd.

> > I still think that this should be dealt with (once and for all) at
> > installation time (as we did for a short period, for some machines and
> > install methods) - but apparently it is impossible to reach consensus
> > on the wording and supported methods, so I won't touch it.
> 
> It's fine to put _optional_ functionality into sysinst, perhaps in the
> utility menu or in the post-installation config menu alongside setting
> the timezone and enabling ssh &c.  What's not fine is making the user
> feel trapped until they take some remedial action about entropy,
> before they can proceed to anything else in the installation.

This is on a fine line between easy and broken.

The code already did display the option only if entropy was in bad shape.
Assuming we first try to run the audiorng tool and then re-check entropy
state, it would happen even less often (~never on x86, but some arm SoC still
come w/o hwrng nor audio - and of course many legacy machines).

In principle I agree with you that the best options are optional and can
be done later, but in this case things *are* different:

 - We must be prepared to live with setups where users overlooked the option
   and just went on (with your recent changes that could work, previously
   it was impossible - but it still has serious implications).
 - Changes like root's shell or the default timezone have no long standing
   impact on the system, but in this case we likely will generate ssh
   host keys on next boot. How do we force those to be regenerated when
   entropy is only fixed later?

Martin

References:
- Re: Waiting for Randot (or: nia and maya were right and I was wrong)
  - From: Martin Husemann
- Re: Waiting for Randot (or: nia and maya were right and I was wrong)
  - From: Taylor R Campbell

Prev by Date: Re: Waiting for Randot (or: nia and maya were right and I was wrong)
Next by Date: Re: Waiting for Randot (or: nia and maya were right and I was wrong)
Previous by Thread: Re: Waiting for Randot (or: nia and maya were right and I was wrong)
Next by Thread: Re: Waiting for Randot (or: nia and maya were right and I was wrong)
Indexes:

Home | Main Index | Thread Index | Old Index