This is really great news, although a lot of this goes over my head at
this low level. I like OpenBSD for its simplicity, great man pages,
etc., and some of its philosophies, including those around security, but
I know little on the technical details of its mitigations.

I gather retguard is a mitigation against return-oriented programming
attacks, which is about manipulating return addresses so functions
return to malicious code instead of the code that called them, to
subvert protections like W^X and code signing. This is from a quick
search.

(For some reason, earlier in the thread, I was referring to W^X in the
context of different partitions, is that (or something similar) a thing
there too or was I misremembering or imagining things?)

That said, if you can explain how to mark a function with
no-retguard-please, I'm happy to do that. Googling “openbsd
"no-retguard-please"” gives no results.

Also, I reckon we're probably nearing the time to actually create a
ticket on the GHC issue tracker. What do you reckon?

Cheers,
Habib