On 29 January 2018 at 13:35, Michael Fothergill < michael.fotherg...@gmail.com> wrote:
> > > On 29 January 2018 at 13:28, deloptes <delop...@gmail.com> wrote: > >> Michael Fothergill wrote: >> >> > I accept that are some kernels that you could run in stable apparently >> > that address the security issue etc. >> > I apologise for inaccuracy there. >> > But perhaps not all of what I posted is BS. >> >> You can run any kernel in stable >> >> I just build 4.14 >> >> make oldconfig >> make -j4 deb-pkg >> >> what has gcc7 to do with the patches is unclear to me, but I admit I have >> never worried about. >> > > I thought you had to have gcc7 because it included a backport of some > code used in GCC 8 that was needed to allow e.g. the spectre fix to work > properly......... > > If you could use any compiler to do it then earlier my post truly would be > BS. > PS as I understand (correct me if I am wrong) the compiler needs to be GCC 7.3.0 or greater (I believe the 7.2 rc2 also works); if you used a compiler earlier that you would get a kernel that works OK in very respect except the for spectre fix itself. The spectre-meltdown checker if you ran it (as I did in gentoo with the 7.2.1 compiler or whatever it was) said that the compiler I used was not capable of properly installing the spectre fix so it was not enabled. GCC 7.3.0 is now available in Debian sid. Cheers MF > > > Cheers > > MF > >> >> My conclusion to this Spectre and Meltdown hysteria is, that a single >> machine in a secure environment is not exactly endangered. >> People should better take care of their mobile devices, especially phones >> and tablets, where you need neither Spectre nor Meltdown to compromise. >> >> regards >> >> >