Re: Better communication about spectre/meltdown

To: Emilio Pozuelo Monfort <pochu@debian.org>
Cc: Ben Hutchings <ben@decadent.org.uk>, Antoine Beaupré <anarcat@orangeseeds.org>, Moritz Mühlenhoff <jmm@inutil.org>, debian-lts@lists.debian.org, team@security.debian.org
Subject: Re: Better communication about spectre/meltdown
From: Roberto C. Sánchez <roberto@debian.org>
Date: Sun, 1 Apr 2018 13:37:29 -0400
Message-id: <[🔎] 20180401173728.mkcl5gtzd6kpwzgc@connexer.com>
Mail-followup-to: Roberto C. Sánchez <roberto@debian.org>, Emilio Pozuelo Monfort <pochu@debian.org>, Ben Hutchings <ben@decadent.org.uk>, Antoine Beaupré <anarcat@orangeseeds.org>, Moritz Mühlenhoff <jmm@inutil.org>, debian-lts@lists.debian.org, team@security.debian.org
In-reply-to: <[🔎] 0973c9dc-7377-51de-ac9f-ac3a8610d03d@debian.org>
References: <20180301125645.wt3nkodmksce3a6v@connexer.com> <1520087480.2617.367.camel@decadent.org.uk> <20180303151806.widvs35uya6se2x3@santiago.connexer.com> <1520090534.2617.370.camel@decadent.org.uk> <20180303160712.3xrlbel5vdgmy47e@connexer.com> <1520109616.2617.381.camel@decadent.org.uk> <1520561116.2495.24.camel@decadent.org.uk> <1521505828.2495.198.camel@decadent.org.uk> <[🔎] 20180401114855.kkpvfzbqiwm4h7la@connexer.com> <[🔎] 0973c9dc-7377-51de-ac9f-ac3a8610d03d@debian.org>

On Sun, Apr 01, 2018 at 05:04:03PM +0200, Emilio Pozuelo Monfort wrote:
> 
> Your new GCC builds binaries such as libgcc1 and libstdc++6. That is going to
> affect nearly all the archive at runtime, and I wonder if it's the right
> approach. We introduced GCC 4.8 in wheezy, named gcc-mozilla (a bad name I know)
> which didn't build these libraries, so it didn't affect the rest of the archive,
> which was still building with GCC 4.6 or 4.7 (depending on the architecture).
> 
> One option here would be to use your gcc-4.9 with the gcc-mozilla packaging to
> build everything in one binary, we'd only need to make sure that
> firefox/thunderbird are still happy about it. Perhaps that's just complicating
> things, so I'm not opposed to introducing gcc-4.9. Just wondering about the
> consequences of the library updates.
> 

That is interesting. I had not considered that particular aspect. It
definitely sounds like caution is warranted here.

Regards,

-Roberto
-- 
Roberto C. Sánchez

Reply to:

Follow-Ups:
- Re: Better communication about spectre/meltdown
  - From: Ben Hutchings <ben@decadent.org.uk>

References:
- Re: Better communication about spectre/meltdown
  - From: Roberto C. Sánchez <roberto@debian.org>
- Re: Better communication about spectre/meltdown
  - From: Emilio Pozuelo Monfort <pochu@debian.org>

Prev by Date: Re: [SECURITY] [DLA 1334-1] mosquitto security update
Next by Date: Re: [SECURITY] [DLA 1334-1] mosquitto security update
Previous by thread: Re: Better communication about spectre/meltdown
Next by thread: Re: Better communication about spectre/meltdown
Index(es):
- Date
- Thread