Re: Linux 5.3-rc8

From: Matthew Garrett
Date: Mon Sep 16 2019 - 20:35:06 EST


On 16 September 2019 16:18:00 GMT-07:00, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
>On Mon, Sep 16, 2019 at 4:11 PM Matthew Garrett <mjg59@xxxxxxxxxxxxx> wrote:
>>
>> In one case we have "Systems don't boot, but you can downgrade your
>> kernel" and in the other case we have "Your cryptographic keys are
>> weak and you have no way of knowing unless you read dmesg", and I think
>> causing boot problems is the better outcome here.
>
>Or: In one case you have a real and present problem. In the other
>case, people are talking hypotheticals.

We've been recommending that people use getrandom() for key generation since it was first added to the kernel. GitHub suggests there are users in the wild - there are almost certainly more cases where internal code depends on the existing semantics.


--
Matthew Garrett | mjg59@xxxxxxxxxxxxx
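
The semantics this message refers to, as an added example that is not part of the original email or of any project's code: with flags set to 0, getrandom() blocks until the kernel's pool has been initialized, so a key generator built on it never returns bytes from an unseeded pool. The names `KEY_LEN`, `fill_random` and `pool_ready` are hypothetical, and the 32-byte key size is an assumption.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/random.h>
#include <sys/types.h>

#define KEY_LEN 32  /* assumed key size for this example */

/* Fill buf with len bytes from getrandom(). With flags == 0 the call blocks
 * until the kernel's pool has been initialized. Returns 0 on success,
 * -1 with errno set on failure. */
int fill_random(unsigned char *buf, size_t len, unsigned int flags)
{
    size_t done = 0;
    while (done < len) {
        ssize_t n = getrandom(buf + done, len - done, flags);
        if (n < 0) {
            if (errno == EINTR)
                continue;   /* interrupted by a signal: retry */
            return -1;      /* e.g. EAGAIN under GRND_NONBLOCK, or ENOSYS */
        }
        done += (size_t)n;  /* short reads are possible: keep going */
    }
    return 0;
}

/* Probe without blocking: 1 = pool initialized, 0 = not yet, -1 = other error. */
int pool_ready(void)
{
    unsigned char b;
    if (getrandom(&b, 1, GRND_NONBLOCK) == 1)
        return 1;
    return errno == EAGAIN ? 0 : -1;
}

int main(void)
{
    unsigned char key[KEY_LEN];
    if (pool_ready() == 0)
        fprintf(stderr, "pool not initialized; key generation will block\n");
    if (fill_random(key, sizeof key, 0) != 0) {
        perror("getrandom");
        return 1;           /* fail closed: no fallback to a weaker source */
    }
    puts("generated key from an initialized pool");
    return 0;
}
```
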