
Uniting the Linux random-number devices

Posted Feb 18, 2022 16:58 UTC (Fri) by derobert (subscriber, #89569)
In reply to: Uniting the Linux random-number devices by developer122
Parent article: Uniting the Linux random-number devices

That's not right. Both give you bits from a CSPRNG; they work exactly the same. It has to be that way — the entropy collected from most sources isn't fully random, so you need some process to extract the entropy from it, and a CSPRNG is a good way to do that.

Originally /dev/random made some guess of when entropy was "depleted", but that didn't really make sense — one effect of a PRNG being cryptographically secure is that it doesn't deplete the entropy. So a while back, that was removed.

An attacker can gain no knowledge of the CSPRNG's state from its output (well, at least not without an impossible number of them, like 2^128). It doesn't matter if they have a few billion or trillion.

And Linux keeps mixing in new entropy, so the internal state changes over time.
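To illustrate the points made in this comment, here is an added toy example (written for this page, not code from the thread or from the kernel): a minimal hash-based DRBG in which a skewed input is extracted into a fixed-size state, output never "depletes" that state, and mixing in fresh entropy moves the state on. The class name, the `mix_in` method and the sample "timestamp" input are all assumed for the illustration.

```python
import hashlib
import hmac


class ToyCSPRNG:
    """Hash-based DRBG sketch (an assumed toy design, not the kernel's code).
    The whole state is one 256-bit key: output is derived from it with HMAC,
    and fresh entropy is folded in by hashing it together with the old key."""

    def __init__(self, seed: bytes) -> None:
        # Entropy extraction: however skewed `seed` is, the state is its digest;
        # the output is only as unpredictable as the entropy that went in.
        self.key = hashlib.sha256(b"seed" + seed).digest()
        self.counter = 0

    def mix_in(self, entropy: bytes) -> None:
        # Reseeding: the state moves on, so anyone who somehow learned the
        # old key cannot predict output produced after this point.
        self.key = hmac.new(self.key, b"reseed" + entropy, hashlib.sha256).digest()

    def read(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            out += hmac.new(self.key, self.counter.to_bytes(8, "big"), hashlib.sha256).digest()
            self.counter += 1
        # Ratchet the key after every read: reading does not "use up" the state,
        # and a later compromise of the key does not expose earlier output.
        self.key = hmac.new(self.key, b"ratchet", hashlib.sha256).digest()
        return bytes(out[:n])


# Constructed sample input: 16 "interrupt timestamps" in which only the low
# bits vary, i.e. a source with far less entropy than its 128 bytes suggest.
SKEWED_INPUT = b"".join((0x5F00_0000 | (i * 37) % 64).to_bytes(8, "big") for i in range(16))


def demo() -> dict:
    a = ToyCSPRNG(SKEWED_INPUT)
    b = ToyCSPRNG(SKEWED_INPUT)
    first = a.read(4096)
    ones = sum(bin(x).count("1") for x in first)  # skewed input, balanced output
    same_state = b.read(4096) == first            # identical seed -> identical stream
    b.mix_in(b"fresh entropy")                    # reseed only one of the two
    diverged = a.read(32) != b.read(32)           # the streams now differ
    return {"ones_fraction": ones / (4096 * 8), "same_state": same_state, "diverged": diverged}


if __name__ == "__main__":
    print(demo())
```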

Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds