lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87o7ufwovp.fsf@oldenburg.str.redhat.com>
Date:   Thu, 13 Oct 2022 20:38:02 +0200
From:   Florian Weimer <fweimer@...hat.com>
To:     Mark Brown <broonie@...nel.org>
Cc:     "Jason A. Donenfeld" <Jason@...c4.com>,
        linux-toolchains@...r.kernel.org,
        Linux Kbuild mailing list <linux-kbuild@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: gcc 5 & 6 & others already out of date?

* Mark Brown:

> On Thu, Oct 13, 2022 at 10:37:21AM -0600, Jason A. Donenfeld wrote:
>
>> Regarding "one extreme to the other", I suspect that in spite of my
>> arguments, which would seem to justify an extreme, the actual thing I
>> suggested is a bit more moderate: let's support the latest 2 or 3 gccs
>> at the time of kernel release. If we choose 3, that's roughly 3 years of
>> gccs, right? 3 years seems like a fairly long amount of time.
>
> I was looking at your suggestion there - as a Debian user that feels a
> touch enthusiastic (though practically probably not actually a problem)
> since it's not too far off the release cadence, current Debian is at GCC
> 10 and we're not due for another release till sometime next year which
> will be right on the three years.

Debian also has Clang 13, presumably for building Rust and Firefox.

> There does also seem to be a contingent of people running enterprise
> distros managed by an IT department or whatever who may take a while
> to get round to pushing out new versions so for example might still
> for example be running Ubuntu 20.04 rather than 22.04 (never mind the
> people I know are sitting on 18.04 but that's another thing).

The enterprise distributions have toolchain modules or toolsets that you
can install, all nicely integrated.  You'd probably consider those
versions too new. 8-/   I expect it's mostly an education issue, raising
awareness of what's available from vendors.   (glibc versions are a
different matter, but I don't think dropping support for historic
versions on build hosts is on the table, so that should be relevant.)

Compiler version requirements probably impact the people most who build
their own toolchains for whatever reason.  There must be unusual targets
where the upstream toolchain currently cannot build a booting kernel,
for instance.  If you require newer toolchain features in generic code,
it could bring some temporary suffering to those people: they need to
fix their toolchain before they can contribute again to the mainline
kernel.

Thanks,
Florian

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ