El 02/09/2025 a las 15:48, Marc Haber escribió: > The Geode is an i586 machine that doesn't support the full i686 instruction > set. As far as I know, we stopped supporting i586 iterally decades ago.
Via Nehalem C3 and Vortex86DX3 are i686. Otherwise the kernel would be completely unbootable. And I know because that is the case for other i586 machines (eg Vortex86MX) If you are targetting a i686, a Pentium Pro, that makes even less reasonable that you are enabling a security feature that was introduced in 2020 and that breaks on i686-era processors. > The OP is suggesting to disable a security feature for i386 so that sudo (and > other software that uses -fcf-protection) can run on their CPU that was never > officially supported in bookworm. They're claiming that this option is a > no-op on i386 anyway, but why is it enabled in our toolchain then? Should > this issue not be addressed in the toolchain? It is enabled in the toolchain for the same reason you can use AVX2 with unsupported processors - it is your duty as a programmer to use compatible flags. The sudo maintainer used the flag because the thought it was supposed to enable all protection on processors that supported it, such as AArch64, which is not the case and why he agreed to enable explicitely on AMD64 only.
