On Mon, Jul 28, 2025 at 06:14:20PM +0200, Daniel Gustafsson wrote:
> On 28 Jul 2025, at 17:29, Jacob Champion <jacob.champ...@enterprisedb.com> wrote:
>> To move this forward a tiny bit: I would be okay with maintaining a
>> new getentropy() case. (I'm less excited about getrandom() because of
>> its reduced reach.) And maybe down the line we should discuss choosing
>> an option at configure time?
> 
> I would not be opposed to starting there.

Both of you know the options of these areas of the code more than the
average committer, I think, so if you think that getentropy() could be
a good choice, while making the choice configurable to give the
possibility to be outside of OpenSSL, why not.

My understanding of the problem is that it is a choice of efficiency
vs entropy, and that it's not really possible to have both parts of
the cake.  If we make that configurable, documentation sounds like the
key point to me, to explain which one has more benefits over the
other.

Could getentropy() be more efficient in the end on most platforms,
meaning that this could limit the meaning of having a GUC switch?
Having it in POSIX is appealing with the long-term picture in mind.
--
Michael
