>>>>> Eli Zaretskii writes:

> We have what we need; calling gnutls_rnd changes nothing in this regard.
> It's just a more complex way of issuing the same system calls. It buys us
> nothing in terms of security and performance, while we sustain the price of
> having core functionality that must run at startup crucially depending on a
> 3rd party library we don't control.

> John, I feel this decision is wrong and the changes that prefer gnutls_rnd
> should be reverted. Maybe I'm the only one who cares, but then Paul is the
> only one who felt the need to make that change. I'd like to hear your take
> on this, please.

From what I've read, I agree with you Eli. If we can open /dev/urandom, why do we need a dependency on GnuTLS to effectively do the same thing?

What critical feature is GnuTLS buying for us that would make this worthwhile, Paul?

--
John Wiegley                  GPG fingerprint = 4710 CF98 AF9B 327B B80F
http://newartisans.com                          60E1 46C4 BD1A 7AC1 4BA2