Re: Enabling branch protection on amd64 and arm64

To: debian-devel@lists.debian.org
Subject: Re: Enabling branch protection on amd64 and arm64
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Wed, 26 Oct 2022 20:20:48 +0200
Message-id: <[🔎] slrntliuk0.l9g.jmm@inutil.org>
References: <[🔎] 20221025143425.GJ27919@mail.wookware.org>

Wookey wrote:
> So the immediate issue now is whether or not to enable this by default
> in bookworm?

The majority of packages will not be rebuilt until the release, so
if we add this now it means that packages pick up the change when
they are rebuilt in stable via a security update or point release.
That's not very appealing, independent of the supposed low risk
factor.

I think this should rather be applied early after the Bookworm
release (and ideally we can also finish off the necessary testing
and add -fstack-clash-protection at least for amd64 and other archs
which are ready for it (#918914)).

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Re: Enabling branch protection on amd64 and arm64
  - From: Richard Laager <rlaager@debian.org>
- Re: Enabling branch protection on amd64 and arm64
  - From: Sebastian Ramacher <sramacher@debian.org>

References:
- Enabling branch protection on amd64 and arm64
  - From: Wookey <wookey@wookware.org>

Prev by Date: Bug#1022834: ITP: golang-opentelemetry-contrib -- Collection of 3rd-party packages for OpenTelemetry-Go
Next by Date: Re: Enabling branch protection on amd64 and arm64
Previous by thread: Re: Enabling branch protection on amd64 and arm64
Next by thread: Re: Enabling branch protection on amd64 and arm64
Index(es):
- Date
- Thread