Re: Better communication about spectre/meltdown
- To: Emilio Pozuelo Monfort <pochu@debian.org>
- Cc: Ben Hutchings <ben@decadent.org.uk>, Antoine Beaupré <anarcat@orangeseeds.org>, Moritz Mühlenhoff <jmm@inutil.org>, debian-lts@lists.debian.org, team@security.debian.org
- Subject: Re: Better communication about spectre/meltdown
- From: Roberto C. Sánchez <roberto@debian.org>
- Date: Sun, 1 Apr 2018 13:37:29 -0400
- Message-id: <[🔎] 20180401173728.mkcl5gtzd6kpwzgc@connexer.com>
- Mail-followup-to: Roberto C. Sánchez <roberto@debian.org>, Emilio Pozuelo Monfort <pochu@debian.org>, Ben Hutchings <ben@decadent.org.uk>, Antoine Beaupré <anarcat@orangeseeds.org>, Moritz Mühlenhoff <jmm@inutil.org>, debian-lts@lists.debian.org, team@security.debian.org
- In-reply-to: <[🔎] 0973c9dc-7377-51de-ac9f-ac3a8610d03d@debian.org>
- References: <20180301125645.wt3nkodmksce3a6v@connexer.com> <1520087480.2617.367.camel@decadent.org.uk> <20180303151806.widvs35uya6se2x3@santiago.connexer.com> <1520090534.2617.370.camel@decadent.org.uk> <20180303160712.3xrlbel5vdgmy47e@connexer.com> <1520109616.2617.381.camel@decadent.org.uk> <1520561116.2495.24.camel@decadent.org.uk> <1521505828.2495.198.camel@decadent.org.uk> <[🔎] 20180401114855.kkpvfzbqiwm4h7la@connexer.com> <[🔎] 0973c9dc-7377-51de-ac9f-ac3a8610d03d@debian.org>
On Sun, Apr 01, 2018 at 05:04:03PM +0200, Emilio Pozuelo Monfort wrote:
>
> Your new GCC builds binaries such as libgcc1 and libstdc++6. That is going to
> affect nearly all the archive at runtime, and I wonder if it's the right
> approach. We introduced GCC 4.8 in wheezy, named gcc-mozilla (a bad name I know)
> which didn't build these libraries, so it didn't affect the rest of the archive,
> which was still building with GCC 4.6 or 4.7 (depending on the architecture).
>
> One option here would be to use your gcc-4.9 with the gcc-mozilla packaging to
> build everything in one binary, we'd only need to make sure that
> firefox/thunderbird are still happy about it. Perhaps that's just complicating
> things, so I'm not opposed to introducing gcc-4.9. Just wondering about the
> consequences of the library updates.
>
That is interesting. I had not considered that particular aspect. It
definitely sounds like caution is warranted here.
Regards,
-Roberto
--
Roberto C. Sánchez
Reply to: