[sarciszewski]

I like it.

Somewhat related anecdote: Trying go get WordPress to adopt a CSPRNG was painful for a year.

Then I started paragonie/random_compat and like 30 other people pitched in to improve it, and then I suggested just using that (so new code can be written against PHP 7's API). And so the problem was solved.

I'd tend to agree that, for security matters, a small team of people focused on success with the knowledge and/or resources they need to execute on their own initiatives gets a better result than a large team with varied interests and use cases.

[nickpsecurity]

Good job on winning that uphill battle. One of those little things that can prevent immeasurable damage given its userbase.

[sarciszewski]

That was my intention. Dion Hulse really pulled through on WP's end, and he's quick to pull in upstream changes into their trunk branch for testing. :)