On 29 January 2018 at 10:17, Michael Lange <klappnase@xxxxxxxxxx> wrote:

On Mon, 29 Jan 2018 08:35:58 +0000
Michael Fothergill <michael.fothergill@xxxxxxxxx> wrote:

> You need to upgrade to unstable (Debian Sid).  Then you need to get
> the latest kernel from the kernel.org website.
> You also need to install GCC7 in sid which will give you version 7.3.0
> at present.  That is a new enough compiler to be able to properly
> install the spectre and meltdown fixes.

The "meltdown fix" (a.k.a. page tables isolation) is already included in
Stretch's 4.9 kernel.

> Then you need to run the spectre/meltdown checker which you can get
> from a GitHub site and run locally on your box to know it's really
> installed properly.
> AFAICT at present running a kernel with spectre and meltdown protection
> means running Debian in the opposite way it is usually billed as to the
> outside world, i.e. unstable, for quite some time.

That's not entirely true, you can run Debian Stable / Stretch with a
kernel that was compiled on Sid with gcc-7.3, however it is true that for
now there is no such kernel available for Stretch out-of-the-box and even
installing the latest gcc-7 compiler packages from sid on a Stretch
system is, if possible at all, probably not trivial.

That is pretty much what I had been led to believe already, except
for the part where you suggest that a kernel compiled in Sid could apparently
be used in stable.  Again, if that is true I should have mentioned it to the OP; sorry about that.
Apart from that, it makes me think that what I posted was perhaps not BS after all...



I assume that most likely someone is working on an update to gcc-6 that
will make it possible to compile the latest "spectre fix" into the kernel
with Stretch's default compiler and we will have to wait until that is

I think it is likely though, that a kernel with that fix will be
available soon in the "experimental" suite and could be installed
manually on Stretch.




