Hi Marc, On Thu, Sep 25, 2025 at 01:56:21PM +0200, Marc Haber wrote: > I reaffirm that. Should the TC decline to give formal advice (which I would > be fine with), I would go ahead to disable -fcf-protection for i386 builds > (and verify that the amd64 and arm64 binary stay identical) and build > packages for trixie and bookworm, submit both of them for the next point > release.
Please bear in mind that these flags are architecture-specific. The arm64 compiler does not understand -fcf-protection at all (and this is a recurring problem for cross builds when people mix build/host compiler flags with host/build compilers). For arm64 you should be seeing -mbranch-protection=standard since trixie. Likewise, an amd64 compiler will fail on encountering -mbranch-protection=standard. Helmut
