Re: Better communication about spectre/meltdown
Hello,
On Thu, 08 Feb 2018, Raphael Hertzog wrote:
> I have had enquiries of LTS sponsors about the status of spectre/meltdown
> mitigations in Debian. I tried to answer but even for me as an insider who
> knows the ins and outs of Debian rather well, it's really difficult for me
> to be able to answer.
>
> IMO we should really try to maintain a page like most vendors are doing.
> Here's what ubuntu did:
> https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
>
> Can we get something similar done for Debian?
No answer so far. Maybe someone should just go ahead and try to create
something like this, asking the relevant persons for the required data.
> Who is in charge of backporting the retpoline patches to our old gcc
> versions?
On IRC I learned that Moritz Muehlenhoff (jmm) started the work of
bakcporting retpoline to gcc-4.9 for jessie. We need to do the same
for gcc-4.6 (and maybe gcc-4.7) in wheezy. gcc-4.6 is used for the
kernel build so that's the important target really.
I have added items to dla-needed.txt so that someone takes care of this.
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/
Reply to: