On Mon, 2018-02-26 at 14:40 -0500, Antoine Beaupré wrote: > On 2018-02-25 13:57:07, Roberto C. Sánchez wrote: > > On Sun, Feb 25, 2018 at 07:04:12PM +0100, Moritz Mühlenhoff wrote: > > > On Sun, Feb 25, 2018 at 08:54:06AM -0500, Roberto C. Sánchez wrote: > > > > Hi all, > > > > > > > > Please see my rather long-winded summary of the current state of the > > > > gcc-4.6/gcc-4.7 update. The bottom line is that I am looking for opions > > > > and/or guidance for how to proceed. > > > > > > Why 4.6 _and_ 4.7? Only the compiler used for building the amd64 3.2 kernel > > > is relevant here? > > > > > > > Both are triaged in dla-needed.txt. In any event, I have done no work at > > all on 4.7 at this point, other than to observe that my investigation > > into the differences in the option parsing code (which was the only > > significant difficulty I encountered in backport the 4.9 patches) made > > me think that backporting the 4.9 patches to 4.7 would be *easier* than > > the backport to 4.6. > > > > As far as I know, it has not been decided that 4.7 will be patched. > > jessie also has two gcc compilers from what I can tell (4.8 and 4.9) > yet, the security team is concentrating only on one (4.9). It seems like > we should do the same (concentrate on a single compiler). > > is there anything blocking the use of the 4.9 compiler in wheezy, short > of, of course, the backport itself? It's true it's kind of nuts to > introduce a *third* toolchain in a LTS update, but I wonder how feasible > it is to maintain the two that are already there in the long term, if > we're already having trouble with 4.6... > > Can't the wheezy kernel build with 4.7 or 4.9 correctly? I guess that > involves the buildds as well...? It will almost certainly build correctly with 4.9 on x86. AIUI the Spectre mitigations in gcc are x86-specific, so there's no value in changing it for ARM and there would be a risk of exceeding code size limits on armel. The kernel package already has provision for using different compiler versions per-architecture. Ben. > Note that only the 4.9.x series has seen upstream releases in the last > ~3 years. The last 4.7 release is 4.7.4, from june 2014, and for 4.6.x, > 4.6.4 in April 2013. Have anyone tried to contact upstream to see if > they are backporting those changes in any official capacity? -- Ben Hutchings This sentence contradicts itself - no actually it doesn't.
Description: This is a digitally signed message part