[MIR] haveged

1. Availability
Haveged is in universe and builds on all architectures.

2. Rationale
The haveged package is *extremely* useful for headless server environments, and perhaps essential in Ubuntu cloud images where large amounts of entropy are needed (systems generating keys or doing encryption of any kind). Several packages would like to depend or recommend haveged (including overlayroot), in order to have sufficient entropy to generate strong keys.

3. Security
The package has no history of CVEs or other security vulnerabilities. Upstream publishes a set of entropy test results, notably the NIST statistical suite, at:
 * https://www.irisa.fr/caps/projects/hipsor/test.php

4. Quality Assurance
The package starts working immediately upon installation, adding entropy to /dev/random. There are no debconf questions. The current bugs in Launchpad only affect the Lucid, 32-bit version. The package is well maintained in Debian, having only 1 open bug, which is a wishlist item. The package does not deal with hardware.

5. UI Standards
These are not applicable to this command line daemon.

6. Dependencies
All dependencies are met by Ubuntu's Main repository.

7. Standards compliance
This package follows the FHS. Source package is clean and easy to understand. Binary is lintian clean. Source has one minor lintian warning.

8. Maintenance
The history of this package, with it's lack of bug reports, should make it very reasonable to maintain. I'm subscribed to its bugs in Launchpad.

9. Background information
No package renames. The description is fairly clear, if you have at least some understanding of entropy.

Security checks
 * No CVE or Secunia records
 * No suid or sgid bits on executables
 * The package itself is a daemon that runs as root, which is required to add entropy to /dev/random
 * The package opens no ports
 * The package is neither an add-on nor a plugin

Any word, Jamie?

AFAIK, Havege uses TSC drift as a random source of entropy, but recent CPUs now have an accurate TSC, so havege hasn't been generating random numbers for a while now. This is also an issue in certain virtualized environments.

PolarSSL had to switch away from using Havege as the basis of their RNG because of this issue:
http://polarssl.org/trac/wiki/SecurityAdvisory201102

NACK for the MIR.

I've been corrected: Havege doesn't use TSC drift, but is dependant on a correctly virtualized TSC which has been problematic in certain environments. I'm reopening this MIR, but am hesitant to commit to supporting this in main.