On Tue, Apr 19, 2022 at 01:43:39PM +0200, Christian Kastner wrote:
In case my own wasn't clear, what I meant was: (a) all of the x86_64 hosts in our infrastructure use CPUs that utilize non-free microcode, and (b) unless we're crazy, those hosts also use the non-free intel-microcode or amd64-microcode packages to get security fixes.
I hadn't even noticed that there was an amd64-microcode package. Although I see that it is older than my CPU (3945WX), so I'm not sure that it is (yet) a problem (for me). That said…
Here's an even more radical thought: shipping any x86_64 installer CD without amd64-microcode and intel-microcode installed by default is a disservice to our users. There's no ideological "Win" when you're paying for it with the user's security, especially when they might be unaware of the problem.
I can agree with that, but I think that's a bridge to cross *after* the change proposed by Steve. -- Please do not CC me for listmail. 👱🏻 Jonathan Dowland ✎ j...@debian.org 🔗 https://jmtd.net
