Going back through the discussion on this thread, I'm taken by two main
reactions:
- discussion of the specific class of bugs/security holes
- a lot of comments that "this is an issue for upstream"
What I haven't seen, so I'll add it to the discussion, is that this
strikes me as an issue for "WAY upstream" - i.e., if gcc's optimizer is
opening a class of security holes - then it's gcc that has to be fixed,
after which that class of holes would go away after the next build of
any impacted package.
Miles Fidelman
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/5294ee82.8050...@meetinghouse.net
