On 26.10.18 at 14:48, Ben Hutchings wrote:
> On Thu, 2018-10-25 at 11:32 +0200, Peter Dreuw wrote:
>> On 25.10.18 at 10:08, Peter Dreuw wrote:
>> may one point to make it clear, tho it might be obvious to most of you:
>>
>> We can apply fixes to the original Xen 4.4 version and have done
>> everything possible - without a fixed kernel, there is no mitigation of
>> spectre/meltdown.
> By "kernel", do you mean the Xen kernel or the guest kernel?

Both.

> The Linux
> kernel in jessie does have mitigations for Meltdown (amd64 only),
> Spectre variants 1 and 2, and several other speculation issues.

You are talking of the 4.9 kernel package, aren't you? With this, people would be safe if we manage to fix Xen, yes. But I'm afraid the folks out there that stick to the 3.16 kernel would not. For LTS distributions, this might be a problem, I think, as people might tend to stick to the older versions to keep ancient software unchanged/untouched. But that's beyond my topic here and of course, we can't really help them.

> The non-free section for jessie also has the new microcode for Intel
> processors.

Yes, I know. The microcode updates are necessary, too - afaik.

>> The same applies to any other virtualization solution.
>> So people have to work with a more recent Kernel or live with unfixed
>> spectre/meltdown issues. If you are using a backports kernel, you might
>> be willing to use a backports Xen package, too.
> The backports suites aren't supported during the LTS period. So if we
> provide a newer Xen for jessie it will need to be as an additional
> source package, and that must not build any binary packages that are
> built from the "xen" source package. I did this for the Linux kernel
> by adding the "linux-4.9" source package.

Oh, ok. I'm not too deep in this distribution policy, sorry for my misunderstanding.

Cheers
Peter

-- 
Peter Dreuw
Team Lead
credativ GmbH
http://www.credativ.de/