On Wed, Dec 26, 2018 at 5:46 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> I think pg_strong_random is overkill, and overly expensive, for
> most if not all of the existing callers of random(). We already
> changed the ones where it's important to be strong ...
+1.
There was a controversy a bit like this in the Python community a few
years ago [1]. I don't think you can trust somebody to write Postgres
backend code but not trust them to understand the security issues with
a fast user-space PRNG (I think that I'd be willing to say the same
thing about people that write Python programs of any consequence).
It's always possible to make a change that might stop someone from
introducing a bug. The question ought to be: why this change, and why
now?
[1] https://lwn.net/Articles/657269/
--
Peter Geoghegan