On 05/04/2019 00:52, Riff J via Boost wrote:
Hi everyone,
I am a developer from Microsoft and currently using boost in our project. We recently get noticed by our security team, that the boost library we use, are not compiled with spectre mitigation (/Qspectre) enabled. Since boost is super powerful, it might not be a good idea to write our own or maintain our own version, so we are reaching out for help. Could anyone please help see if we could enable /Qspectre option in the official build of boost?
We tend to use default compiler flags for official builds, but it's relatively easy for you to build Boost with whatever other flags you may want: cd boost-root-dir bootstrap b2 --build-type=complete cxxflags=-Qspectre Will build the libraries with the latest installed msvc version and the /Qspectre flag enabled. And of course for header only libraries you don't need to do anything at all anyway. One thing we could look at for future releases would be to provide differently-named binaries for /Qspectre. Anyone else have thoughts on that? HTH, John.
And here is the vcblog about the spectre mitigation, if anyone is interested: https://blogs.msdn.microsoft.com/vcblog/2018/01/15/spectre-mitigations-in-ms... .
And since this is the first time I use this mail list, please let me know, if I didn't use it correctly or anything I should pay attention to.
Thanks a lot, Riff
_______________________________________________ Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost
--- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus