public inbox for [email protected]
help / color / mirror / Atom feedFrom: Hans Buschmann <[email protected]>
To: Peter Eisentraut <[email protected]>
To: [email protected] <[email protected]>
Subject: AW: Increased SECURITY RISCS from omitting some compikler options when building PG with meson; e.g. -fcf-protection=full
Date: Wed, 8 Jul 2026 10:01:32 +0000
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
<[email protected]>
Hello Peter
Thanks for your quick response.
I totally agree that it is impossible to always follow all distributions with their specific compiler flags.
But my intention was a bit different: asking for internal consistency.
For distributions the PGDG publishes binaries for (see download page) a certain selection of compiler flags are choosen.
My intention is to set these flags as defaults for self-compiling on these platforms.
Most of the flags are compiler-driven, eventually changing with a new version.
I think it is important that these compiler options are DOCUMENTED (in the binary distributions) so that they can be set or verified when self-compiling.
I think the normal user cannot handle all these compiler options, it wants to use the tested and provided standard managed by the developers.
It is clear that the global benefits of some mitigations may arrive only much later (fedora 28 ->45).
I think in the near future (APX and AVX10.2) there will be new architectural opportunities which really could target performance on newer architectures. This will require a more thoughtfull choice of compiler options..
Hans Buschmann
view thread (6+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected]
Subject: Re: AW: Increased SECURITY RISCS from omitting some compikler options when building PG with meson; e.g. -fcf-protection=full
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox