1 |
Hi Andreas, |
2 |
|
3 |
I really appreciate your interest as I am try to convince our fellows. |
4 |
|
5 |
"Andreas K. Huettel" <dilfridge@g.o> writes: |
6 |
|
7 |
> another option would be to (try to) revive glibc-2.5, 2.12, and 2.17 |
8 |
> instead. |
9 |
|
10 |
> Yes I know they are even older, but these are the versions that RHEL |
11 |
> uses, and for which RH still provides support (until 2020 for 2.5, |
12 |
> 2024 for 2.12)... |
13 |
> https://sourceware.org/glibc/wiki/Release#Distribution_Branch_Mapping |
14 |
|
15 |
> That however would require that the RHEL patchsets are public |
16 |
> somehwere. Which I doubt... after all there's an "E" in RHEL... |
17 |
|
18 |
> [...] |
19 |
|
20 |
> ... except that my personal motivation has dropped somewhat when |
21 |
> noticing that the CentOS package applies 552 (!) patches on top of |
22 |
> 2.17. |
23 |
|
24 |
Carrying Redhat patches are not only technical unfeasible, but also out |
25 |
of our best interest. The reasons are the following. |
26 |
|
27 |
glibc-2.5 does not support fortify, thus breaking gentoo version of gcc |
28 |
since verison 4.3 (Bug 289757). The original purpose of |
29 |
prefix-standalone was to introduce newer glibc from gentoo to solve this |
30 |
issue. So shipping glibc-2.5 requires maintaining seperate versions of |
31 |
gcc. |
32 |
|
33 |
glibc has some tolerance for kernel. 2012 glibc-2.16 supports 2004 |
34 |
linux-2.6.8. It buys us 8 years! That's the basis for the magic of |
35 |
prefix-standalone. gcc in turn has some tolerance for glibc. So far |
36 |
glibc-2.16 is still supported by the newest gcc but glibc-2.5 is |
37 |
definitely out of the game. |
38 |
|
39 |
I hear your instinct for RHEL versions for security consideration. But |
40 |
in this use case, the kernels are usually outdated for many years and |
41 |
prone to multiple privilege escalation CVE's. If the administrators of |
42 |
these systems cared about security, these antiques wouldn't have existed |
43 |
in the first place. |
44 |
|
45 |
Therefore, using edge versions of glibc-2.16 (newest glibc to support |
46 |
linux 2.6+) and 2.19 (newest glibc to support linux 2.6.16+) makes more |
47 |
sense. |
48 |
|
49 |
Yours, |
50 |
Benda |