The Linux man page keeps getting mentioned, but what the current fallback code is actually doing is simply looking for any device named `/dev/urandom` on the host system: https://github.com/ruby/ruby/blob/62b6e90d583e0a1c2be538a42640d... cjcsuhta (Corey Csuhta)
I strongly support the creation of a policy "with teeth". It is not sufficient to list the ways that people should be nice, or to point at MINASWAN. You must strongly assert that the Ruby community is a welcoming place by **also taking r... cjcsuhta (Corey Csuhta)
Possible regression: In Ruby 2.2.3, naked percent-notation was allowed in keyword arguments without spacing, like this: ~~~ $ ruby -v ruby 2.2.3p173 (2015-08-18 revision 51636) [x86_64-darwin15] $ ruby -e "def foo(x:%i[a b c]... cjcsuhta (Corey Csuhta)
Akira, can you address this point? > SecureRandom in Ruby will use /dev/urandom if OpenSSL is not available, based on the code snippet I linked in the original post. This is contrary to your statement that /dev/urandom is not safe fo... cjcsuhta (Corey Csuhta)
The `random(4)` manpage on Linux isn't accurate in this regard. You **can** use it as more than just a seed source, and you can use it as frequently as you want. On modern Linux, both `/dev/random` and `/dev/urandom` are [CSPRNG](htt... cjcsuhta (Corey Csuhta)
Right now, `SecureRandom.random_bytes` tries to detect an OpenSSL to use before it tries to detect `/dev/urandom`. I think it should be the other way around. In both cases, you just need random bytes to unpack, so SecureRandom could skip... cjcsuhta (Corey Csuhta)