But saying /dev/urandom is best-effort doesn't change those expectations; in fact it keeps those expectations the same. Saying most apps "don't work on early-boot stuff" so aren't affected doesn't mean we should risk breaking systems that will inevitably have software that is going to run during early boot.
It just feels like the argument for this change is, this is irrelevant for 99.99% of applications, so who cares? The 0.01% care!
EDIT:
> Switching /dev/urandom to GRND_INSECURE now would therefore be a potentially bad idea
And, again, maybe I'm misunderstanding. The Jason Donenfeld email seems to say this is effectively the behavior we have. I.e., no guarantees of "initialization" or "sufficient entropy" on the urandom device.
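The distinction the post turns on (urandom makes no initialization promise, while getrandom(2) does unless the caller asks for GRND_INSECURE) can be made explicit in application code. This is an added example, not code from the thread or from the kernel change being discussed; it assumes Linux with glibc's <sys/random.h>, and fill_random and the enum names are my own:

```c
// Added example: probe whether the kernel CRNG is initialized, and make the
// "uninitialized is acceptable" choice an explicit opt-in rather than an
// implicit property of reading /dev/urandom.
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <string.h>
#include <unistd.h>
#include <sys/random.h>

#ifndef GRND_INSECURE
#define GRND_INSECURE 0x0004 /* kernel >= 5.6; older kernels reject it with EINVAL */
#endif

enum rand_source { RAND_FAIL = -1, RAND_CRNG_READY = 0,
                   RAND_INSECURE_EARLY_BOOT = 1, RAND_URANDOM_FALLBACK = 2 };

/* Best-effort bytes from the device, for kernels without getrandom(2). */
static int read_dev_urandom(unsigned char *buf, size_t len) {
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0) return -1;
    for (size_t got = 0; got < len;) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) { close(fd); return -1; }
        got += (size_t)n;
    }
    close(fd);
    return 0;
}

/* Fills buf; returns which source satisfied the request, or RAND_FAIL.
 * With allow_uninitialized == 0 an early-boot caller gets RAND_FAIL instead
 * of silently receiving bytes from a not-yet-seeded pool. */
int fill_random(unsigned char *buf, size_t len, int allow_uninitialized) {
    int early = 0;
    for (size_t got = 0; got < len;) {
        ssize_t n = getrandom(buf + got, len - got, GRND_NONBLOCK);
        if (n >= 0) { got += (size_t)n; continue; }
        if (errno == EINTR) continue;
        if (errno == ENOSYS || errno == EPERM) /* no usable getrandom(2) */
            return read_dev_urandom(buf, len) == 0 ? RAND_URANDOM_FALLBACK : RAND_FAIL;
        if (errno != EAGAIN || !allow_uninitialized) return RAND_FAIL;
        /* EAGAIN: CRNG not initialized yet. Caller explicitly opted in. */
        n = getrandom(buf + got, len - got, GRND_INSECURE);
        if (n >= 0) { got += (size_t)n; early = 1; continue; }
        if (errno != EINVAL) return RAND_FAIL; /* EINVAL: pre-5.6 kernel */
        return read_dev_urandom(buf + got, len - got) == 0 ? RAND_INSECURE_EARLY_BOOT : RAND_FAIL;
    }
    return early ? RAND_INSECURE_EARLY_BOOT : RAND_CRNG_READY;
}
```

On a booted system both calls report RAND_CRNG_READY; the RAND_INSECURE_EARLY_BOOT path is only reachable while the pool is still unseeded.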