Am Dienstag, 26. Juli 2011 schrieb Marcus Meissner:
Hi,
The reasoning to not have it enabled was the mimimal set of services running to reduce security attack surface and to enhance startup time.
We reviewed haveged for SLE 11, from a integrity security side it is ok.
We reviewed the randomness it generates briefly (!) and found no issues.
However ... the sheer amount of randomness it claims to generate feels a bit too good to be true to me.
It insanity rating is similar to using /dev/urandom, refering to a previous comment.
That said, we are fine with enabling it if people consider it necessary.
I think we can easily install it by default and if someone writes a yast agent to enable it for runlevel 3 installations, I'm fine with that too. But I don't want an extra daemon running on default installs that usually don't need it - and those that do need it, can easily enable it. Greetings, Stephan -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org