Am 15.10.2013 20:52, schrieb Jan Kratochvil: > On Tue, 15 Oct 2013 20:25:10 +0200, Paul Wouters wrote: >> - complexity >> - complicated prelink blacklists >> - complicated cron job exclusion with sysconfig > > You can always make your software development life more simple by giving up on > some useful feature. That -O2 vs. -O0 build is a good comparison. this is just trolling >> - FIPS foot-bullets > I really do not care and do not run FIPS. Disable/uninstall prelink for FIPS. i do not care about prelink enable/install prelink >> - reduced alsr > > I do not know the details but the network facing daemons are already PIE while > most of the binaries - those not facing untrusted data - have no use for PIE. ASLR is about *untsrusted input data* you *really* think your browser, office, pdf-reader does not act with untrusted input or if that is the case this is representative for the userbase? without ASLR and prelink which is the reason not build PIE and start Firefox directly after updates you have *no randomization at all* if you think that does not matter why do you think ASLR exists >> So far you seem to say "those are not prelink bugs". > > True. *where are the numbers* proving the benfits? "it's faster" and "it's for performance" are no numbers if you defeat something *prove* why or be quiet anything else is *trolling* >> Just the FIPS issue for me > > That's for you but majority of Fedora users do not run in FIPS mode. the majority of Fedora users does not care about prelink as well becaus ethey have it only installe dbecause it's default and the performance improvement is *not* that large these days *until you prove* it isa >> Furthermore, in the past I've indicated that we should have support for >> systems booted in FIPS mode with fips=1, where though libraries and >> programs that could not be prelinked should be unprelinked, as the >> sysadmin specifically told us (via fips=1) that they value security over >> speed gains) > > OK, great, so unprelink the programs. OK, great, don't prelink them without a user decided to do so >> prelink has served us in the past. It's time to let it go. > > People continually give up on software performance with better hardware. > 64-bit systems nowadays run commonly slower than did the 8-bits in 1980s *prove the performance benfit with numbers* only repeat the same again and agin does not make it the truth BTW: 64Bit systems these days are in most cases *faster* because software can use CPU capabilities which did not exist not long ago and some of them are only available in 64bit mode
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
