Re: svn commit: r239598 - head/etc/rc.d

On Sun, Sep 02, 2012 at 03:57:13PM -0700, Doug Barton wrote:
> On 08/22/2012 16:37, David E. O'Brien wrote:
> > Author: obrien
> > Date: Wed Aug 22 23:37:24 2012
> > New Revision: 239598
> > URL: http://svn.freebsd.org/changeset/base/239598
> > 
> > Log:
> >   * Reinstate r128059's consumption of our best entropy first.
> >     r128060 for "hardware-supplied entropy" reversed this without reason,
> >     seems a typo.
> 
> I object to this change as well, although mostly for sentimental
> reasons. :)

Hi Doug,
Hope you had a good Labor Day Holiday.

I'm sorry I didn't see your messages before I committed another change to
this file (r240108).  I had it ready to commit last Thursday night, but
didn't want to commit it before being AFK over the holiday.

> It's also dubious whether the static /entropy file is
> really the "best" option at that point, since the "better than nothing"
> entropy at least contains some elements that have the potential to be
> different at boot time.

I may be misreading.  Are you suggesting you don't have much faith that
there is a good amount of entropy in the saved "/entropy" as produced by
/dev/random?

> >   * Isolate "better than nothing" implementation to a function.
> 
> We generally don't extract code that's only run once into a function,
> and my stylistic preference is that we do not do that.

I'll go thru your messages and take a look at your diff.

I think what I committed is a better abstraction.
I think the name of the function helps drive the point that that entropy
gathering isn't all that good, and makes reading the logic flow of the
code easier to read.

-- 
-- David    (obrien@NUXI.org)
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"