A recent and new CPU bug, CVE-2018-8897, is fixed in DragonFly.  THis applies to both Intel and AMD processors.  I’m happy to see that the CERT page lists equal notification timing for a whole lot of operating systems, rather than the few that heard about Spectre/Meltdown early.

Following that topic, Matthew Dillon has “fleshed out” Spectre mitigations, and his commit message details the current state.  The sysctl ‘machdep.spectre_mitigation’ will tell you what’s set at any given point.

Update: update.