Hello everybody, I have had enquiries of LTS sponsors about the status of spectre/meltdown mitigations in Debian. I tried to answer but even for me as an insider who knows the ins and outs of Debian rather well, it's really difficult for me to be able to answer.
IMO we should really try to maintain a page like most vendors are doing. Here's what ubuntu did: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown Can we get something similar done for Debian? Can someone share our plans to addresse spectre variant 1 and 2? Have the patches matured enough at the upstream level so that they can be considered for backporting? Who is in charge of backporting the retpoline patches to our old gcc versions? Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: https://www.freexian.com/services/debian-lts.html Learn to master Debian: https://debian-handbook.info/get/
