[OE-core] Yocto Project, Spectre and Meltdown

[akuster808]

On 01/27/2018 03:06 PM, Richard Purdie wrote:
> On Sat, 2018-01-27 at 16:59 +0000, Manjukumar Harthikote Matha wrote:
>> -----Original Message-----
>>> From: openembedded-core-bounces at lists.openembedded.org
>>> [mailto:openembedded-core-bounces at lists.openembedded.org] On Behalf
>>> Of
>>> Richard Purdie
>>> Sent: Saturday, January 27, 2018 8:36 AM
>>> To: openembedded-core <openembedded-core at lists.openembedded.org>
>>> Subject: Re: [OE-core] Yocto Project, Spectre and Meltdown
>>>
>>> On Tue, 2018-01-16 at 11:38 +0000, Richard Purdie wrote:
>>>> I just wanted to give people an update on where the project
>>>> stands
>>>> with these issues.
>>> Master now contains gcc and kernel fixes (in linux-yocto). meta-
>>> yocto- bsp updates
>>> are still pending.
>>>
>>> rocko-next also has those fixes and is undergoing testing which if
>>> it passes, will get
>>> pushed to rocko.
>>>
>> I see that rocko-next branch is upgrading the GCC version to 7.3 from
>> 7.2 , is there a reason to do so?
>> I was under the impression that we would backport the security fixes
>> to 7.2 version.
> As Khem replied, this is the stable gcc series and gcc remapped their
> versioning scheme a while back to mean that 7.3 is a point release of
> the 7 series.
>
> I'm of the view that the gcc team know a lot more about which patches
> should be backported to a stable series and have a better skillset and
> knowledge base to know how to apply patches onto the older versions
> than we do. As such I believe that 7.3 is the right approach for rocko.

Agreed.

>
> Do you have a reason to believe we should do something else?
>
> Note that for pyro and earlier we will need gcc 6 patches, we are not
> upgrading 6 -> 7 on pyro since that would cause a ton of breakage.
Agreed. Currently  evaluating best  and safest approach.

- armin
>
> Cheers,
>
> Richard
>