On 18.11.2016 18:15, Clemens Gruber wrote:
> It's probably a bad idea to just patch python for every PTXdist user.
> Not everybody is willing to trade security for faster start times.

Judging from Python-3.5.0/Python/random.c:118, it will use the
getrandom() syscall with flags=0, and according to the getrandom(2) man
page, this will read from /dev/urandom, and also block if the
nonblocking entropy pool is not initialized yet. (The man page also
mentions explicitly that the random bytes returned by it can be used for
cryptographic purposes, for all else, see Filippo Valsordas talk at 32c3
[0] ;-)) So, even if it does not solve the original problem (long boot
times), I see nothing wrong with doing this for every user.

[0]: https://www.youtube.com/watch?v=Q8JAlZ-HJQI

> Besides, not having enough entropy will lead to other problems as well.

Oh, could you please elaborate on that? :-)

 - Roland