> Dmitrij D. Czarkoff wrote:
> > Stuart Henderson said:
> > > glib2 is a pretty clean port patch-wise. This sort of thing would be
> > > better done with proper autoconf etc so it can go upstream.
> >
> > Totally agree. It would be best if upstream would maintain the code.
> > They could benefit from arc4random on other BSDs and libbsd-enabled
> > platforms as well.
>
> Makes sense - I'm working on this now.
>
> Anecdotally, libbsd's arc4random is not necessarily secure. IIUC the
> code isn't as glaringly dangerous as g_rand*, but it will seed with only
> the time and PID if other sources fail. I think we should avoid
> conflating BSDs' arc4randoms with libbsd's.

Who cares if libbsd is doing it badly? But that is not our problem. We don't use libbsd.

And for those who do? Eventually someone who uses libbsd will get upset and demand that libbsd do the job better, or they will do it themselves by importing a better arc4random, or convincing other libraries to add one.

Because what is the alternative solution? Layers of #ifdef? Is that really the only answer to making anything better -- by hard-wiring in choices that will stick until the end of time?

You realize that is the story for how OpenSSL-using applications got addicted to EGD? It took almost two years of aggressive user requests to clean up the ecosystem.

So why not just stick to arc4random, and hope that eventually everyone accepts that is the only contender for high-availability, chroot-safe, jail-safe, fd-exhaustion-safe, etc? And then, call the job done.
