>: 	given the increasing number of crypto-ish tools used in the system,
>: 	I'm wondering if it is a good idea to enable rnd(4) device by default,
>: 	in sys/conf/files.  it is rather hard for us to enforce its
>: 	availability by having it in all kernel configuration file.
>: 	what do people think?  are there any real trouble if we enable it
>: 	by default?
>It should be fine remaining in kernel config files.
>We should make *more* kernel trimming options available, not less.

	well that depends... rnd(4) is mandatory for using ssh/sshd,
	which are 99% mandatory for every machines around here.  also note
	that with no rnd(4) some software fails badly with poor random number
	generator (there can be other way to fix, but there's no general
	solution other than to provide a good rnd(4)).

	maybe the part of the problem is that we cannot remove devices/options
	in kernel configuration file.

itojun