Better communication about spectre/meltdown

To: team@security.debian.org, debian-lts@lists.debian.org
Subject: Better communication about spectre/meltdown
From: Raphael Hertzog <hertzog@debian.org>
Date: Thu, 8 Feb 2018 16:10:03 +0100
Message-id: <[🔎] 20180208151003.GA24080@home.ouaza.com>
Mail-followup-to: Raphael Hertzog <hertzog@debian.org>, team@security.debian.org, debian-lts@lists.debian.org

Hello everybody,

I have had enquiries of LTS sponsors about the status of spectre/meltdown
mitigations in Debian. I tried to answer but even for me as an insider who
knows the ins and outs of Debian rather well, it's really difficult for me
to be able to answer.

IMO we should really try to maintain a page like most vendors are doing.
Here's what ubuntu did:
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown

Can we get something similar done for Debian?

Can someone share our plans to addresse spectre variant 1 and 2?
Have the patches matured enough at the upstream level so that they can be
considered for backporting?

Who is in charge of backporting the retpoline patches to our old gcc
versions?

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/

Reply to:

Follow-Ups:
- Re: Better communication about spectre/meltdown
  - From: Raphael Hertzog <hertzog@debian.org>

Prev by Date: Re: MySQL 5.5 EOL before Debian 8 LTS ends
Next by Date: Re: krb5 security vulnerabilities
Previous by thread: Re: MySQL 5.5 EOL before Debian 8 LTS ends
Next by thread: Re: Better communication about spectre/meltdown
Index(es):
- Date
- Thread