On Wed, Dec 26, 2018 at 5:46 PM Tom Lane <t...@sss.pgh.pa.us> wrote: > I think pg_strong_random is overkill, and overly expensive, for > most if not all of the existing callers of random(). We already > changed the ones where it's important to be strong ...
+1. There was a controversy a bit like this in the Python community a few years ago [1]. I don't think you can trust somebody to write Postgres backend code but not trust them to understand the security issues with a fast user-space PRNG (I think that I'd be willing to say the same thing about people that write Python programs of any consequence). It's always possible to make a change that might stop someone from introducing a bug. The question ought to be: why this change, and why now? [1] https://lwn.net/Articles/657269/ -- Peter Geoghegan
