diff --git a/expat/Changes b/expat/Changes
index 8abd3ef2..a5c9d39f 100644
--- a/expat/Changes
+++ b/expat/Changes
@@ -3,12 +3,11 @@ Release ??????????
 CVE-2016-9063 -- Detect integer overflow
 #25 More integer overflow detection (function poolGrow)
 Use high quality entropy for hash initialization:
- * arc4random_buf on BSD, systems with libbsd, CloudABI
+ * arc4random_buf on BSD, systems with libbsd
+ (when configured with --with-libbsd), CloudABI
 * RtlGenRandom on Windows XP / Server 2003 and later
 * getrandom on Linux 3.17+
 In a way, that's still part of CVE-2016-5300.
- For packaging, feel free to configure using
- --(with|without)-libbsd to bypass auto-detection.
 For run-time debug output, EXPAT_ENTROPY_DEBUG=1 can be used.
 
 Bug fixes:
diff --git a/expat/configure.ac b/expat/configure.ac
index 344f5146..b93a741d 100644
--- a/expat/configure.ac
+++ b/expat/configure.ac
@@ -101,8 +101,8 @@ AC_CHECK_FUNCS(memmove bcopy)
 
 AC_ARG_WITH([libbsd], [
-AS_HELP_STRING([--with-libbsd], [enforce use of libbsd])
-AS_HELP_STRING([--without-libbsd], [prohibit use of libbsd])])
+AS_HELP_STRING([--with-libbsd], [utilize libbsd (for arc4random_buf)])
+], [], [with_libbsd=no])
 AS_IF([test "x${with_libbsd}" != xno], [
 AC_CHECK_LIB([bsd], [arc4random_buf], [], [
 AS_IF([test "x${with_libbsd}" = xyes], [