Not sure what you're talking about, because one of the major complaints with the recent LibreSSL release was that in the event there was no reliable entropy source, it happily used an unreliable one.
LibreSSL does that because the FAIL_INSTEAD_OF_TRYING_FALLBACK is off by default, but the source clearly says it's not a good thing:
"This code path exists to bring light to the issue that Linux does not provide a failsafe API for entropy collection.".
Incidentally, OSX has nearly the same issue, as does Solaris.
For maximum security, define FAIL_INSTEAD_OF_TRYING_FALLBACK and if there's no reliable entropy source, LibreSSL won't try to use a bad one from the OS.
Is the portable LibreSSL library being written by the OpenBSD folks or someone maintaining a fork? My impression of their plans was that they would focus on OpenBSD first and foremost and once they were happy with it, then would be the right time to start porting it to other platforms (or any platform which provides the same guarantees as OpenBSD's API could already use it).
And I expect my car to provide a reliable form of transportation, but if I turn the key in the morning and chickens fly out from under the hood, I stop what I'm doing, I don't keep driving to work.
Agreed. Maybe the default in LibreSSL should be swapped from "go ahead and use this fallback faux-entropy if we have to" to "fail if we can't get good entropy". It'd be a matter of changing and undef to a def in the code.
Incidentally, OSX has nearly the same issue, as does Solaris.
For maximum security, define FAIL_INSTEAD_OF_TRYING_FALLBACK and if there's no reliable entropy source, LibreSSL won't try to use a bad one from the OS.