On 2016/05/17 18:16, Michael McConville wrote:
> Dmitrij D. Czarkoff wrote:
> > Stuart Henderson said:
> > > glib2 is a pretty clean port patch-wise. This sort of thing would be
> > > better done with proper autoconf etc so it can go upstream.
> >
> > Totally agree. It would be best if upstream would maintain the code.
> > They could benefit from arc4random on other BSDs and libbsd-enabled
> > platforms as well.
>
> Makes sense - I'm working on this now.
>
> Anecdotally, libbsd's arc4random is not necessarily secure. IIUC the
> code isn't as glaringly dangerous as g_rand*, but it will seed with only
> the time and PID if other sources fail. I think we should avoid
> conflating BSDs' arc4randoms with libbsd's.
>

https://github.com/libressl-portable/portable/tree/master/m4 has autoconf checks with an OS whitelist for arc4random. It would be nice to keep things similar to these so that updates can be merged across from newer versions easily.
