From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id cFqQNsPVZ2IwSgAAbAwnHQ (envelope-from ) for ; Tue, 26 Apr 2022 13:21:39 +0200 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id 2KN6NsPVZ2IpmQAAauVa8A (envelope-from ) for ; Tue, 26 Apr 2022 13:21:39 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id B0E8B1DDC7 for ; Tue, 26 Apr 2022 13:21:39 +0200 (CEST) Received: from localhost ([::1]:48100 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1njJGE-0002xM-TE for larch@yhetil.org; Tue, 26 Apr 2022 07:21:38 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:44524) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1njJ2J-0007Xg-8o for guix-devel@gnu.org; Tue, 26 Apr 2022 07:07:15 -0400 Received: from mail-qk1-x734.google.com ([2607:f8b0:4864:20::734]:39666) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1njJ2G-0005D9-FK for guix-devel@gnu.org; Tue, 26 Apr 2022 07:07:14 -0400 Received: by mail-qk1-x734.google.com with SMTP id q75so12843382qke.6 for ; Tue, 26 Apr 2022 04:07:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version; bh=CVPdEQwqvmZYMVUVqkoBhzIiqUXKb4Kz891DbTevnRA=; b=Kx5hWQJTuYNGAj68pevfreSlRgh4k92yRgBCE6TgLxCRHC6RjIWEfo3Z67s6tSiPka kRG4c4i2hia2ObGmLUhB1vB6y/A7OWQWd1pep97SClgnhXsUJmmYuygnOI4ZreWDV1ep XfJjDOZpEqDe2FLNsnsDAfA71k0y9ma57DVY18n4CWG4z7rgsEBG/cKk43nu4HqzOPxg LBfOvkDZuFHVB7Okr4hvwdRaaPKCiSq4KzxS7JXCeoiOwmwlxAfro20wylojzlkIHvLJ /1usLI61BzoWd1MET8A1792MBuE/nCSr3dbxzY5yslAVqRoBYqdaS1+1LgHRlW0RfRpY /c8A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to :message-id:user-agent:mime-version; bh=CVPdEQwqvmZYMVUVqkoBhzIiqUXKb4Kz891DbTevnRA=; b=0jdMAGLIW1TNX6/bG9qpbtkah6SnTlfsY0PQLf0HyMW2ts8Bluq8kC2B2ayYlBI1zT GSpF1OjLrUYu3YoSx1BgB/9e0gbctNYadl0wTuhFy8GwSdIdiuIP9LYQb5ujzAAJWIH2 wW3jLVNiCch2EC5xj9Eqs4VP58d8Bw5+EPv5QZ2vnTLu+eL9vnPRZr0XlbIVC38A2kc3 goYWMUiX1ZpF/LaAs8x3b5azqnpmt4E8OfFvDv9KOR2+77C3PUp7SpxyXycIVAfLec2v UprHIghiD906ipnxFdBAwG4dXrEoiLgaT+jeMj/FTbANF06SuePnQ6GxioRvGwDe/0wP NNXQ== X-Gm-Message-State: AOAM531QhQHNKwKvsew+1rKxw9Q6uKYiJbxisMoNmL0j32ccDq0pV092 WxpADddV7st4ml7EL5E33B+N0wIWN9SI2A== X-Google-Smtp-Source: ABdhPJxlHPygWpWJvI4kd4DZw7NDrON1Cec2xOWO0i1DjnYT0Zb8zKSXCwSgssue5KjjSaGxdIYASw== X-Received: by 2002:a05:620a:1981:b0:507:4a52:f310 with SMTP id bm1-20020a05620a198100b005074a52f310mr12833562qkb.611.1650971231404; Tue, 26 Apr 2022 04:07:11 -0700 (PDT) Received: from washu-v4 (172-221-246-205.res.spectrum.com. [172.221.246.205]) by smtp.gmail.com with ESMTPSA id g4-20020ac87d04000000b002e06b4674a1sm8354435qtb.61.2022.04.26.04.07.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 26 Apr 2022 04:07:11 -0700 (PDT) From: Katherine Cox-Buday To: raingloom Subject: Re: Hardened toolchain References: <874k3r8m4m.fsf@gmail.com> <8464b1bff3acb0a84f46ea6dcbbeaa7045b03d1c.camel@telenet.be> <874k3iwysf.fsf@gmail.com> <87pmm512uv.fsf@gnu.org> <86ee1ys55z.fsf@163.com> <20220415183441.49a2628b@riseup.net> Date: Tue, 26 Apr 2022 06:07:10 -0500 In-Reply-To: <20220415183441.49a2628b@riseup.net> (raingloom@riseup.net's message of "Fri, 15 Apr 2022 18:34:41 +0200") Message-ID: <87bkwonlwh.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain Received-SPF: pass client-ip=2607:f8b0:4864:20::734; envelope-from=cox.katherine.e@gmail.com; helo=mail-qk1-x734.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: guix-devel@gnu.org Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1650972099; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=CVPdEQwqvmZYMVUVqkoBhzIiqUXKb4Kz891DbTevnRA=; b=R6JXj/pkpPqOMSHnPYHsDdIVD4MV+hbW+cLB8DJbOUdidsdvspcPU/00uAFiR0gAJ9/l5l B19d2V/anjPl39qU0AaS4/GapSmr1lXzGiRBgfCnt9d3ySEaEnyVQrjP1wMMpuiCgpcqCB DPiPvXoWaApZJTWb5XXaADRt4XZY73NGCgyNEmgscSgkYtGsqhuCB5FAOSGO62mvPZSW0r e0Sot2dxKTAzbL11ccBNxqkML/aQ44noShRTO3EBXjOOpnpv5SM3/2Zjh8FQGwUE562nnl 6rWhD+UHeC4VzVwmCcfzA88KQdBpWaH+qt/xFrT/S2B7lK5kR8gWUd495YO5Rw== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1650972099; a=rsa-sha256; cv=none; b=K46n/3JTX8v2+7y1Cjiq/zuizu7ooOTxMMvF5c0wRDpfACbuA/uQ2xKcjh23M/clGkhxQo tgiU4+V9n7R1gYp3Un7CRpi34EmfbeuR3EjIMJNzMtIPWF6psQME1fpfFLaqrnOoTm3Obe gdNlMhBkhgw30W2PfSsLnimLl/yeg7y4Hvqugq1Vpv22qj3cpYwu+nKxtU6KPsnJsGkKYx pEDPqRORKNm92/AFyvTpCL6T2TRIE+QWwneSB6Cdo75r4AJmeVK+L+HFESXLIhQn3aFVdr TroDQFIIDlsppS32JP/tzN+KII6ZdrRwby862GmTYCY2HE+52PgOHYQbjsCVJA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=gmail.com header.s=20210112 header.b=Kx5hWQJT; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -4.01 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=gmail.com header.s=20210112 header.b=Kx5hWQJT; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: B0E8B1DDC7 X-Spam-Score: -4.01 X-Migadu-Scanner: scn1.migadu.com X-TUID: hwba3YJEY9+a raingloom writes: > People shouldn't have to take extra steps and burn extra CPU cycles > for security. To be clear, I don't have a strong opinion on this, but I wanted to give an alternative viewpoint: people shouldn't have to take extra steps and burn extra CPU cycles for performance. Everyone has different threat models and needs. A lot of computers have CPU speculative execution attack mitigation disabled because those types of attacks will never affect those computers, and it reduces the performance of the CPU a lot. I suggest we pick our default with care, and if possible with data about what most users would like. -- Katherine