Description
math/rand has several known and documented problems (see #21835) and it's easily mistaken for crypto/rand (see #20661). This is a proposal to move it out of the standard library, which would give several advantages.
- Easier ability to implement other sources and tweak it's performance or space usage
- Removal accidental use (when developer should have used
crypto/rand)
The go fix tool could rewrite imports to x/math/rand or default to crypto/rand. There are real use cases for a deterministic generator (jitter, tests, etc) so we shouldn't remove it entirely. We should gather uses of math/rand that crypto/rand doesn't satisfy.