Message217281
Like Antoine, I'm really skeptical about the backport: honestly, this change doesn't bring much in a normal application. To run into the number of open file descriptors limit (so the "scalability" aspect), one would need to have *many* concurrent threads reading from /dev/urandom. For the "performance" aspect, I have a hard time believing that the overhead of the extra open() + close() syscalls is significant in a realistic workload. If reading from /dev/urandom becomes a bottleneck, this means that you're depleting your entropy pool anyway, so you're in for some potential trouble...
> There is a reason we don't backport new features!
Couldn't agree more. This whole "let's backport security enhancements" sounds scary to me. |
|
Date |
User |
Action |
Args |
2014-04-27 16:31:43 | neologix | set | recipients:
+ neologix, ncoghlan, janssen, giampaolo.rodola, christian.heimes, benjamin.peterson, alex, tshepang, dstufft, josh.r |
2014-04-27 16:31:43 | neologix | set | messageid: <1398616303.68.0.514450011947.issue21305@psf.upfronthosting.co.za> |
2014-04-27 16:31:43 | neologix | link | issue21305 messages |
2014-04-27 16:31:43 | neologix | create | |
|