Just a heads up that the Linux kernel 5.17 and 5.18 have major improvements in random number implementation. Looks like a must for all Linux distros, especially security appliances.
IT news site has easy to read summary, plus links to more detailed info:
Hi,
thank you for posting this one.
Skimming through it, I do not believe we at IPFire are in the need to rush things here. In the past, we put a lot of effort in making sure an IPFire installation has sufficient entropy available. True, improving things is always better, but switching to an non-LTS-kernel increases maintenance effort by orders of magnitude, and I do not believe it is worth it.
Hopefully, these changes get backported to LTS-kernels, so we can pick them up from there.
Thanks, and best regards,
Peter Müller
I would never expect you guys to use a non-LTS kernel.
As you say, might get backported, if not will be in a later LTS release.
Not coded for years, but quite shocking how long it has taken to be implemented in Linux.
Here soon, that is the main thing.
They won’t, and they are not as stable, yet since people have been reporting problems which caused that some parts of this patchset had to be reverted:
https://lkml.org/lkml/2022/3/22/736
This is very valuable work, but just because the media has picked up a story doesn’t mean that we do not let this ripe a little bit before we roll it out.