Author neologix
Recipients alex, benjamin.peterson, christian.heimes, dstufft, giampaolo.rodola, janssen, josh.r, ncoghlan, neologix, tshepang
Date 2014-04-27.16:31:43
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1398616303.68.0.514450011947.issue21305@psf.upfronthosting.co.za>
In-reply-to
Content 
Like Antoine, I'm really skeptical about the backport: honestly, this change doesn't bring much in a normal application. To run into the number of open file descriptors limit (so the "scalability" aspect), one would need to have *many* concurrent threads reading from /dev/urandom. For the "performance" aspect, I have a hard time believing that the overhead of the extra open() + close() syscalls is significant in a realistic workload. If reading from /dev/urandom becomes a bottleneck, this means that you're depleting your entropy pool anyway, so you're in for some potential trouble...

> There is a reason we don't backport new features!

Couldn't agree more. This whole "let's backport security enhancements" sounds scary to me.
History
Date User Action Args
2014-04-27 16:31:43neologixsetrecipients: + neologix, ncoghlan, janssen, giampaolo.rodola, christian.heimes, benjamin.peterson, alex, tshepang, dstufft, josh.r
2014-04-27 16:31:43neologixsetmessageid: <1398616303.68.0.514450011947.issue21305@psf.upfronthosting.co.za>
2014-04-27 16:31:43neologixlinkissue21305 messages
2014-04-27 16:31:43neologixcreate