| 1 |
Hi Andreas, |
| 2 |
|
| 3 |
I really appreciate your interest as I am try to convince our fellows. |
| 4 |
|
| 5 |
"Andreas K. Huettel" <dilfridge@g.o> writes: |
| 6 |
|
| 7 |
> another option would be to (try to) revive glibc-2.5, 2.12, and 2.17 |
| 8 |
> instead. |
| 9 |
|
| 10 |
> Yes I know they are even older, but these are the versions that RHEL |
| 11 |
> uses, and for which RH still provides support (until 2020 for 2.5, |
| 12 |
> 2024 for 2.12)... |
| 13 |
> https://sourceware.org/glibc/wiki/Release#Distribution_Branch_Mapping |
| 14 |
|
| 15 |
> That however would require that the RHEL patchsets are public |
| 16 |
> somehwere. Which I doubt... after all there's an "E" in RHEL... |
| 17 |
|
| 18 |
> [...] |
| 19 |
|
| 20 |
> ... except that my personal motivation has dropped somewhat when |
| 21 |
> noticing that the CentOS package applies 552 (!) patches on top of |
| 22 |
> 2.17. |
| 23 |
|
| 24 |
Carrying Redhat patches are not only technical unfeasible, but also out |
| 25 |
of our best interest. The reasons are the following. |
| 26 |
|
| 27 |
glibc-2.5 does not support fortify, thus breaking gentoo version of gcc |
| 28 |
since verison 4.3 (Bug 289757). The original purpose of |
| 29 |
prefix-standalone was to introduce newer glibc from gentoo to solve this |
| 30 |
issue. So shipping glibc-2.5 requires maintaining seperate versions of |
| 31 |
gcc. |
| 32 |
|
| 33 |
glibc has some tolerance for kernel. 2012 glibc-2.16 supports 2004 |
| 34 |
linux-2.6.8. It buys us 8 years! That's the basis for the magic of |
| 35 |
prefix-standalone. gcc in turn has some tolerance for glibc. So far |
| 36 |
glibc-2.16 is still supported by the newest gcc but glibc-2.5 is |
| 37 |
definitely out of the game. |
| 38 |
|
| 39 |
I hear your instinct for RHEL versions for security consideration. But |
| 40 |
in this use case, the kernels are usually outdated for many years and |
| 41 |
prone to multiple privilege escalation CVE's. If the administrators of |
| 42 |
these systems cared about security, these antiques wouldn't have existed |
| 43 |
in the first place. |
| 44 |
|
| 45 |
Therefore, using edge versions of glibc-2.16 (newest glibc to support |
| 46 |
linux 2.6+) and 2.19 (newest glibc to support linux 2.6.16+) makes more |
| 47 |
sense. |
| 48 |
|
| 49 |
Yours, |
| 50 |
Benda |
Archives