> I know about Devuan but I’m a bit worried about how fast upstream updates
> will get there (no idea how big the dev-team/community is) and LTS
> viability.

How bleeding edge do you need to be?

> But it was possible to deploy a systemd-less Ubuntu, wasn’t it?

Not for a few years at least, AFAIK.

> I’ll segue once more since we’re talking Meltdown.
> I’m very disappointed by the community response to those bugs - everybody
> keeps parroting how this was a shining example of vendor response… NO IT

Yeah, I'm with you on that one, but not for the reasons you might be
referring to.
My annoyance of the past week has been that I heard about the bug from
ElReg, rather than being told by our hypervisor vendor "Here's a patch,
don't ask what it is, but deploy it RIGHT NOW!" back in December when AWS
seems to have started their patch rollout.

> Responsible disclosure applies to the vendors responsible for the bug! That
> means it should have been disclosed to Intel/AMD/ARM/IBM/… and have them
> work on a hardware/microcode solution if possible. Even if it is by
> architecture design, they are producing the chips and the ones responsible
> for it anyway.
> Then after 3 months this should have been made public to all users.

Reading between the lines, I get the impression somebody publicly disclosed
it before the embargo was up and before all the patches were ready.

> Instead it was disclosed to hardware and selected software vendors, and
> folk like OpenBSD were left in the dark until “patches were ready” - this is
> not how responsible disclosure works but makes it look like Intel did the
> right thing, without them actually resolving anything.

It's a tricky issue. How far do you disclose it? The wider you disclose it,
the greater the chance of it leaking out before the patches are ready.
