> > https://github.com/libressl-portable/portable/tree/master/m4
> > has autoconf checks with an OS whitelist for arc4random.
> > It would be nice to keep things similar to these so that
> > updates can be merged across from newer versions easily.
>
> I disagree.
>
> libressl is making extremely conservative decisions, to protect
> the way that libressl is (1) used and (2) seen.

Furthermore, libressl makes that decision to decide if it should provide a *better replacement*. In the library being discussed here it is quite likely that a shitty arc4random() is still better than most other things it has available. Unless the goal is to keep everyone using customized non-standardized /dev/urandom codepaths (if it hits fd-exhaustion, does the library call _exit or abort? Good luck with satisfying people..)
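
The fd-exhaustion case raised above, as an added example that is not part of the original message or of any project's code: a `/dev/urandom` fallback that can only report failure once the process has no descriptors left, which leaves the caller to pick between aborting and continuing without random bytes. The function names `urandom_fill` and `urandom_errno_when_fds_exhausted` are hypothetical, and the exhaustion is simulated by lowering the soft `RLIMIT_NOFILE`.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical fallback: fill buf from /dev/urandom; 0 on success, -1 + errno on failure. */
int urandom_fill(void *buf, size_t len)
{
    unsigned char *p = buf;
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd == -1)
        return -1;              /* EMFILE/ENFILE, or ENOENT inside a chroot */
    while (len > 0) {
        ssize_t n = read(fd, p, len);
        if (n == -1 && errno == EINTR)
            continue;           /* interrupted by a signal: retry */
        if (n <= 0) {           /* read error or unexpected EOF */
            int saved = (n == 0) ? EIO : errno;
            close(fd);
            errno = saved;
            return -1;
        }
        p += n;
        len -= (size_t)n;
    }
    close(fd);
    return 0;
}

/* Simulate fd exhaustion; returns the errno the fallback hit (0 if it succeeded). */
int urandom_errno_when_fds_exhausted(void)
{
    struct rlimit old, tight;
    unsigned char key[32];
    int err = 0;
    if (getrlimit(RLIMIT_NOFILE, &old) == -1) return -1;
    tight = old;
    tight.rlim_cur = 0;         /* no new descriptor number may be allocated */
    if (setrlimit(RLIMIT_NOFILE, &tight) == -1) return -1;
    if (urandom_fill(key, sizeof key) == -1) err = errno;
    setrlimit(RLIMIT_NOFILE, &old);   /* restore the original soft limit */
    return err;
}

int main(void)
{
    int e = urandom_errno_when_fds_exhausted();
    printf("fallback under fd exhaustion: %s\n", e > 0 ? strerror(e) : "no error");
    return 0;
}
```

A call such as `arc4random_buf()` has no error return for the caller to handle, so this decision never reaches application code.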
