https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100444
--- Comment #7 from Edward Cree <ecree429 at virginmedia dot com> --- (In reply to Richard Biener from comment #4) > people that > cannot be bothered to update their ucode or the kernel are not likely > bothered to update libstdc++ either. Fwiw, my kernel is fairly up-to-date (5.9.0-3-amd64); it and my libstdc++ get updates pretty regularly from the distro, whereas (like most normal folks) I don't tend to reflash my BIOS without a good reason. (Which this is, I grant you, but I only found out recently that it was causing me any issues, and I'm holding off on the update in case affected projects want me to test mitigations / run additional experiments on the buggy hw.) And while Debian can apply updated ucode at boot-time, it's not enabled by default because the ucode binaries are non-free. So a user of a freedom-respecting OS, following normal routine update procedures, will automatically get libstdc++ updates but not ucode updates. But if, having considered it, you decide it's not worth it for libstdc++ to mitigate this, that's fine by me — after all, now that I know about the issue, I can fix my system. Question is whether you want to try to protect other users from hitting the same thing.
