-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all - I just removed the network device entropy-generating patches from the kernel repo. They had to be explicitly enabled for use and were consistently refused for upstream acceptance. With no better hardware entropy source, they kept the pool full but are prone to third party manipulation via packet flooding. I noticed that since 11.4, we have installed haveged by default. Might it be a good idea to enable it by default as well? Perhaps someone with more experience with it can chime in, but it looks like it stays dormant until the entropy pool drops too low so there's not a lot of overhead. - -Jeff - -- Jeff Mahoney SUSE Labs -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAk3Ei1wACgkQLPWxlyuTD7I81gCgoNGDYFT7/4VjQ8a6Yl+Du2PE riMAn0h3eFOVU3BdVVHPqqMyI/S1iDB1 =XyDt -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org