Control: severity 841208 important

On Mon 2016-12-12 19:16:24 -0500, Daniel Kahn Gillmor wrote:

> thanks for the notes.  the issue is now entropy starvation during
> "monkeysphere gen-subkey" in the test suite.  I'm not sure what the
> right thing to do is here, other than either:
>
>  a) adding debug-quick-random to the gpg.conf file in the test suite, or

I looked into this, and i think this is actually already being done :/

in tests/common, we define get_gpg_prng_arg(), and in tests/basic, we
apply it to all the gpg.conf files that should be relevant.

>  b) adding a build-dependency on haveged

this seems weirdly roundabout.  we don't actually build-depend on
haveged, we build-depend on haveged actually running on the platform in
question and pushing its "entropy" into the kernel's buffers.

Or, we depend on a kernel that seeds itself once for entropy and remains
in a non-blocking state because of a good internal CSPRNG.

Or, we depend on having an entropykey attached.

Or …

Can we just say that the test suite needs entropy somehow?

> It seems to me that there's a general upstream bug with GnuPG consuming
> more entropy than it needs to, but i don't think that's going to be fixed
> by upstream before stretch.

This is sadly still true :/

I'm reducing the severity of this bug report because (a) we understand
the issue, and (b) it's not actually an issue on the debian buildd
infrastructure (the arch-all builder did not hang in the way that
Santiago reported).

Please also see https://bugs.debian.org/850094 for more general
discussion of similar situations.

The issue is still unresolved, but i'm not sure how to fix it, and i
don't think that it should make the package be removed from stretch, so
i don't think this issue is RC.

I hope this severity change is understandable.

Regards,

           --dkg
