Re: retpoline-enabled GCC build for jessie


Holger Levsen <holger@layer-acht.org> wrote:
> I have a stupid/uninformed question: is this gcc only useful for
> rebuilding the kernel or would it "in theory" (and practice) be better
> to rebuild everything with it? (of course the latter is probably not really
> practical for Debian, but others could do it more easily.)

The immediate specific need for the GCC update in oldstable and stable
is the Linux kernel; there are no plans to rebuild other packages in
released distributions at this point.

We might add this to the dpkg-buildflags default flags for buster
as a generic hardening measure, but that requires additional
work/consideration/discussion. Fortunately the buster freeze is
still quite some time away, so we're in the comfortable position
to evaluate without time pressure.


