Re: Enabling branch protection on amd64 and arm64

2023-08-31 Thread Helmut Grohne
Hi Guillem, On Thu, Aug 31, 2023 at 02:12:51AM +0200, Guillem Jover wrote: > So this happened, and Johannes reported that this seems to be breaking > cross-building. :( > > The problem, which is in fact not new, but is made way more evident > now, is that the flags used are accepted only per

Re: Bug#1021292: Enabling branch protection on amd64 and arm64

2023-08-31 Thread Emanuele Rocca
Hi Guillem, On 2023-08-31 02:12, Guillem Jover wrote: > So this happened, and Johannes reported that this seems to be breaking > cross-building. :( > > The problem, which is in fact not new, but is made way more evident > now, is that the flags used are accepted only per arch, so when > passing

Re: Enabling branch protection on amd64 and arm64

2023-08-30 Thread Guillem Jover
Hi! On Sun, 2023-08-27 at 12:51:53 +0200, Guillem Jover wrote: > On Tue, 2023-06-27 at 16:09:40 +0100, Wookey wrote: > > OK. We're all agreed on that then. Guillem can stick it in the next > > dpkg upload. So this happened, and Johannes reported that this seems to be breaking cross-building. :(

Re: Enabling branch protection on amd64 and arm64

2023-08-27 Thread Guillem Jover
Hi! On Tue, 2023-06-27 at 16:09:40 +0100, Wookey wrote: > On 2023-06-27 16:58 +0200, Moritz Mühlenhoff wrote: > > Am Wed, Jun 21, 2023 at 05:41:36PM +0200 schrieb Emanuele Rocca: > > > On 2022-10-26 08:20, Moritz Mühlenhoff wrote: > > > > I think this should rather be applied early after the

Re: Enabling branch protection on amd64 and arm64

2023-06-27 Thread Wookey
On 2023-06-27 16:58 +0200, Moritz Mühlenhoff wrote: > Am Wed, Jun 21, 2023 at 05:41:36PM +0200 schrieb Emanuele Rocca: > > Hey Moritz, > > > > On 2022-10-26 08:20, Moritz Mühlenhoff wrote: > > > I think this should rather be applied early after the Bookworm > > > release (and ideally we can also

Re: Enabling branch protection on amd64 and arm64

2023-06-27 Thread Moritz Mühlenhoff
Am Wed, Jun 21, 2023 at 05:41:36PM +0200 schrieb Emanuele Rocca: > Hey Moritz, > > On 2022-10-26 08:20, Moritz Mühlenhoff wrote: > > I think this should rather be applied early after the Bookworm > > release (and ideally we can also finish off the necessary testing > > and add

Re: Enabling branch protection on amd64 and arm64

2023-06-21 Thread Emanuele Rocca
Hey Moritz, On 2022-10-26 08:20, Moritz Mühlenhoff wrote: > I think this should rather be applied early after the Bookworm > release (and ideally we can also finish off the necessary testing > and add -fstack-clash-protection at least for amd64 and other archs > which are ready for it (#918914)).

Re: Enabling branch protection on amd64 and arm64

2022-11-02 Thread Marco d'Itri
On Nov 01, Sebastian Ramacher wrote: > > this change is only targeted at two archs, which I'd hope could cope with > > it. > If we ignore/break MA: same co-installability, sure. Sure, but this means that a much smaller subset of packages will need to be rebuilt on all architectures. -- ciao,

Re: Enabling branch protection on amd64 and arm64

2022-10-31 Thread Holger Levsen
On Tue, Nov 01, 2022 at 01:09:39AM +0100, Sebastian Ramacher wrote: > > this change is only targeted at two archs, which I'd hope could cope with > > it. > If we ignore/break MA: same co-installability, sure. point taken, thanks! -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁

Re: Enabling branch protection on amd64 and arm64

2022-10-31 Thread Sebastian Ramacher
On 2022-10-31 23:28:21 +, Holger Levsen wrote: > On Thu, Oct 27, 2022 at 12:27:12AM +0200, Sebastian Ramacher wrote: > > Some of the architectures already have a hard time keeping up with the > > normal load. > > this change is only targeted at two archs, which I'd hope could cope with it.

Re: Enabling branch protection on amd64 and arm64

2022-10-31 Thread Holger Levsen
On Thu, Oct 27, 2022 at 12:27:12AM +0200, Sebastian Ramacher wrote: > Some of the architectures already have a hard time keeping up with the > normal load. this change is only targeted at two archs, which I'd hope could cope with it. > Enabling these flags as soon as the trixie release cycle

Re: Enabling branch protection on amd64 and arm64

2022-10-26 Thread Sebastian Ramacher
On 2022-10-26 20:20:48 +0200, Moritz Mühlenhoff wrote: > Wookey wrote: > > So the immediate issue now is whether or not to enable this by default > > in bookworm? > > The majority of packages will not be rebuilt until the release, so > if we add this now it means that packages pick up the change

Re: Enabling branch protection on amd64 and arm64

2022-10-26 Thread Wookey
On 2022-10-26 14:23 -0500, Richard Laager wrote: > > How hard would it be to rebuild everything? > > I don't actually know what facilities Debian has for that. Would it be a > binNMU of everything? It would. We don't do that. In the past it would have wildly overloaded our buildds. Such a

Re: Enabling branch protection on amd64 and arm64

2022-10-26 Thread Richard Laager
On 10/26/22 13:20, Moritz Mühlenhoff wrote: > Wookey wrote: > > So the immediate issue now is whether or not to enable this by default > > in bookworm? > > The majority of packages will not be rebuilt until the release How hard would it be to rebuild everything? I don't actually know what facilities

Re: Enabling branch protection on amd64 and arm64

2022-10-26 Thread Moritz Mühlenhoff
Wookey wrote: > So the immediate issue now is whether or not to enable this by default > in bookworm? The majority of packages will not be rebuilt until the release, so if we add this now it means that packages pick up the change when they are rebuilt in stable via a security update or point

Re: Enabling branch protection on amd64 and arm64

2022-10-25 Thread Wookey
On 2022-10-25 16:10 +0100, Simon McVittie wrote: > On Tue, 25 Oct 2022 at 15:34:26 +0100, Wookey wrote: > > These are hardware features (new instructions) that 'tag' pointers and > > branch targets to make it much harder for malicious code to implement > > ROP (return oriented programming) and JOP

Re: Enabling branch protection on amd64 and arm64

2022-10-25 Thread Simon McVittie
On Tue, 25 Oct 2022 at 15:34:26 +0100, Wookey wrote: > These are hardware features (new instructions) that 'tag' pointers and > branch targets to make it much harder for malicious code to implement > ROP (return oriented programming) and JOP (Jump oriented programming) > attacks. > > They have

Enabling branch protection on amd64 and arm64

2022-10-25 Thread Wookey
I have been in discussion with Guillem about enabling the various branch protection mechanisms available on newer x86 and arm CPUs. These are hardware features (new instructions) that 'tag' pointers and branch targets to make it much harder for malicious code to implement ROP (return oriented