[cfarm-users] Upgrade on gcc12, gcc13 and gcc14

Jeffrey Walton noloader at gmail.com
Sun Jul 23 15:33:06 CEST 2017


On Sun, Jul 23, 2017 at 7:39 AM, Martin Guy via cfarm-users
<cfarm-users at lists.tetaneutral.net> wrote:
> On 22/07/2017, Jeffrey Walton via cfarm-users
> <cfarm-users at lists.tetaneutral.net> wrote:
>> On Sat, Jul 22, 2017 at 4:16 AM, Aymeric via cfarm-users
>> <cfarm-users at lists.tetaneutral.net> wrote:
>>
>>> I plan to upgrade during the third week of August (w33) :
>>>
>>> - gcc12 and gcc13 to Debian 7 (they are running Debian 5) ;
>
>>> After that we won't have any Debian 5 on the farm, if you still required
>>> a Debian 5 please let me know asap so we can at least keep one running.
>
> I don't *require* Debian 5 as such, but to improve portability I find
> it useful to check that things still compile and work with older libcs
> and other libraries. From that point of view, I find having a wider
> variety of systems is more useful than having the same latest version
> of the same OS on many machines...

Yes, I find it is very useful to test old distros and compilers. I
often test back to GCC 3 on Fedora 1.

The problem is old distros, like Fedora 1 and Debian 5, don't receive
patches anymore. They are effectively honeypots that compromise the
integrity of the cfarm network. There's little that can be done to
minimize the risk. Once a listening socket is opened to the world, the
attack surface drastically increases.

Local VMs can reduce risk by keeping the vulnerable machines powered
off until needed for testing. The listeners are usually not available
to the outside world so its harder to find and exploit them.

I'd be happy to share some of the scripts I use for when working on
the old distros in local VMs. They do things like build SSH and Git
from sources after downloading the package with wget. They are mostly
hacks but the get the job done expediently.

Jeff


More information about the cfarm-users mailing list