2016-06-16 12:48 GMT+02:00 Emmanuel Bourg <ebo...@apache.org>:

> On 16/06/2016 at 11:52, Rémy Maucherat wrote:
>
> > Tomcat's
> > strategy avoids any risk to delay user requests, so is not effectively
> > worse than the other strategy.
>
> Maybe the SecureRandom instance could be initialized asynchronously and
> delivered through a java.util.concurrent.Future? This way it doesn't
> block the startup, and it's likely to be fully initialized when the
> first requests arrive if we consider that the startup helps generating
> more entropy.

The rationale behind the change is still that if things go bad it's better to screw up the user than have the admin do its job properly.

Rémy
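
The asynchronous initialization suggested in the quoted message, sketched as an added example that is not part of the original thread and is not Tomcat's code. The class name `AsyncSecureRandom`, the thread name and the 30-second timeout are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;

/** Hypothetical holder class for illustration; not part of Tomcat. */
public final class AsyncSecureRandom {
    private final CompletableFuture<SecureRandom> future = new CompletableFuture<>();

    /** Starts seeding on a daemon thread so the caller (startup) returns at once. */
    public AsyncSecureRandom() {
        Thread t = new Thread(() -> {
            try {
                SecureRandom sr = new SecureRandom();
                // The first output request forces seeding, which is where a
                // low-entropy host can stall.
                sr.nextBytes(new byte[1]);
                future.complete(sr);
            } catch (Throwable e) {
                future.completeExceptionally(e);
            }
        }, "secure-random-init");
        t.setDaemon(true);
        t.start();
    }

    public boolean isReady() {
        return future.isDone() && !future.isCompletedExceptionally();
    }

    // Waits up to the timeout if seeding is still running. No fallback to a
    // weaker generator: on timeout the caller gets an exception instead.
    public SecureRandom get(long timeout, TimeUnit unit)
            throws InterruptedException, ExecutionException, TimeoutException {
        return future.get(timeout, unit);
    }

    public static void main(String[] args) throws Exception {
        AsyncSecureRandom holder = new AsyncSecureRandom(); // returns immediately
        System.out.println("ready right after startup: " + holder.isReady());
        byte[] sessionId = new byte[16];
        holder.get(30, TimeUnit.SECONDS).nextBytes(sessionId); // first "request"
        StringBuilder hex = new StringBuilder();
        for (byte b : sessionId) hex.append(String.format("%02x", b));
        System.out.println("session id: " + hex);
    }
}
```

If seeding has not finished when the first request arrives, `get()` blocks that request for up to the timeout, so the stall moves from startup to the first user rather than disappearing.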