Going back through the discussion on this thread, I'm taken by two main
reactions:
- discussion of the specific class of bugs/security holes
- a lot of comments that "this is an issue for upstream"
What I haven't seen, so I'll add it to the discussion, is that this
strikes me as an issue for "WAY upstream" - i.e., if gcc's optimizer is
opening a class of security holes - then it's gcc that has to be fixed,
after which that class of holes would go away after the next build of
any impacted package.
Miles Fidelman
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: http://lists.debian.org/[email protected]
