To cross an architecture into xonly [1], there are multiple careful steps,
followed by multiple less careful steps which are required to find the
remaining problem areas.

We have exhausted the careful steps. We are now into the next phase.

[1] Actually, this applies to just about any mitigation. Most mitigations
are based upon the concept
- that there is an artifact which is not required for any normal code
operation
- but attack methods gain tremendous advantage because that artifact
is in place
- then we ask if we can remove that artifact
- when we are confident enough pieces in the software ecosystem are
fixed or easily fixed
- we remove the artifact, carefully, incrementally, testing along the
way
- at some point we can't fix the knowns anymore, and must face the unknowns
- hi user, thank you for finding a bug, your applications will crash
while it takes us 1-3 days to find the small issues (usually
because some upstream piece of software is using a retrograde
practice), then 1-2 days to get a new pkg snapshot out with the
fixes, and then things will be better

I'm very confident we can make it through this last phase, in which case
the next release will ship with xonly. Otherwise, we'll slow the
process down. Not going to slow it down yet. Thanks for participating
in snapshots and helping us make a better world.