On Tue, Sep 02, 2025 at 05:46:27PM +0200, Andrea Pappacoda wrote:
> I personally find the argument of whether Marcos' CPU is supported not really persuasive, since, if I got this correct, that compiler option is doing nothing good and just causing issues to a subset of our users.
I think that this is what the entire thing boils down to. I am unwilling to disable that compiler option if there is a feather of a possibility that doing so would decrease security for systems that do support the opcode in question.
If we (that means Debian, the TC or some other part that I have trust in) come to the consensus that all our release architectures are well served with full security even if -fcf-protection is just set for x86_64, I am fine with making those changes and providing an appropriately patched version for bookworm (and trixie).
I am not close enough to this level of systems programming to have my own informed knowledge about this matter, but I need that advice coming from a body that I trust.
We had the OpenSSL random generator disaster from 2008 originating from not well given upstream advice, and I don't want to repeat this.
Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421

