Seems like it's still in development, they have improvements in mind to reduce unnecessary system calls, and at this time you would only run these patches if memory safety was so critical you didn’t care about IO performance, which is niche.
Let’s do this Microsoft’s style: push it in production and nudge users to buy faster CPUs 🤦‍♂️
These patches do offer some benefits for cloud providers or in general orgs that host a bunch of different products on potentially the same machine.
I could see benefits in them, especially if the v3 or whatever addresses some of the issues.
Then make it default off and switchable with a kernel param, or if it's a lot of code then make its compilation optional and default off.
Depends: did Lennart Poettering write it? If so, they’ll jam it down our throats.
Don’t know, but just to be safe let me fix it already:
system-ctl disable address-space-isolation@memory-security.service
Thank you. Fuck that piece of shit.
The issue with that approach for the desktop is everyone will just move to other OS-es.
When Microsoft does it, you live with it cuz you have no choice.