On Tue, Dec 6, 2022 at 10:06 AM Gary Buhrmaster
<gary.buhrmaster(a)gmail.com> wrote:
My full comment in that blog post is:
"We need a proper study of performance and code size to understand the
magnitude of the impact created by _FORTIFY_SOURCE=3 additional
runtime code generation. However the performance and code size
overhead may well be worth it due to the magnitude of improvement in
security coverage."
To elaborate, I think the performance and code size study is an
interesting academic concern, but the magnitude of improvement
justifies whatever little performance impact this may introduce and it
should not be a blocker for the improvement.
It's interesting how now it's just an academic concern. Please hold yourself to at
least the standards set for
https://pagure.io/fesco/issue/2817 in terms of benchmarking
and persuading everyone that performance degradation across entire ecosystem is not a
concern.
Sure, I could add that as a comment in the proposal.
We need benchmarks, not a comment. Thank you.
>
> Thanks,
> Sid