Question: Is there a nonzero chance of a PHP application running at boot
time on an older GNU/Linux machine? If so, should we adopt this "unseeded
CSPRNG" mitigation employed by libsodium for ancient Linux kernels?
This could be done as a security patch for PHP 7.0.x if there's any concern
about startup entropy e.g. on embedded devices.
I'm not aware of any such projects being written in PHP, so my intuition is
this is a non-issue for us.
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com>