[OE-core] Yocto Project, Spectre and Meltdown

Manjukumar Harthikote Matha MANJUKUM at xilinx.com
Sun Jan 28 17:59:02 UTC 2018 


> -----Original Message-----
> From: akuster808 [mailto:akuster808 at gmail.com]
> Sent: Saturday, January 27, 2018 4:48 PM
> To: Richard Purdie <richard.purdie at linuxfoundation.org>; Manjukumar Harthikote
> Matha <MANJUKUM at xilinx.com>; openembedded-core <openembedded-
> core at lists.openembedded.org>
> Subject: Re: [OE-core] Yocto Project, Spectre and Meltdown
> 
> 
> 
> On 01/27/2018 03:06 PM, Richard Purdie wrote:
> > On Sat, 2018-01-27 at 16:59 +0000, Manjukumar Harthikote Matha wrote:
> >> -----Original Message-----
> >>> From: openembedded-core-bounces at lists.openembedded.org
> >>> [mailto:openembedded-core-bounces at lists.openembedded.org] On Behalf
> >>> Of Richard Purdie
> >>> Sent: Saturday, January 27, 2018 8:36 AM
> >>> To: openembedded-core <openembedded-core at lists.openembedded.org>
> >>> Subject: Re: [OE-core] Yocto Project, Spectre and Meltdown
> >>>
> >>> On Tue, 2018-01-16 at 11:38 +0000, Richard Purdie wrote:
> >>>> I just wanted to give people an update on where the project stands
> >>>> with these issues.
> >>> Master now contains gcc and kernel fixes (in linux-yocto). meta-
> >>> yocto- bsp updates
> >>> are still pending.
> >>>
> >>> rocko-next also has those fixes and is undergoing testing which if
> >>> it passes, will get pushed to rocko.
> >>>
> >> I see that rocko-next branch is upgrading the GCC version to 7.3 from
> >> 7.2 , is there a reason to do so?
> >> I was under the impression that we would backport the security fixes
> >> to 7.2 version.
> > As Khem replied, this is the stable gcc series and gcc remapped their
> > versioning scheme a while back to mean that 7.3 is a point release of
> > the 7 series.
> >
> > I'm of the view that the gcc team know a lot more about which patches
> > should be backported to a stable series and have a better skillset and
> > knowledge base to know how to apply patches onto the older versions
> > than we do. As such I believe that 7.3 is the right approach for rocko.
> 
> Agreed.

I thought it is a big upgrade in subsequent upgrade, hence my question.

> 
> >
> > Do you have a reason to believe we should do something else?

We have released a rocko based distribution, my fear of changing 7.2->7.3 in subsequent upgrade cycle might result in quite some extensive testing across all product ranges and application development of top. This might result in quite some churn, hence the question.  

Thanks,
Manju

More information about the Openembedded-core mailing list