On Tue, Sep 02, 2025 at 03:59:03PM +0200, Christoph Berg wrote:
Yeah I think you were right in rejecting this.
I would need to read more to "get smart" here, but I think another factor to consider is the number of "true" i686 processers running this release vs the number of x86_64 processors running this release under an x86_64 kernel.
My understanding from a quick read of the docs here (although, about 2 minutes worth so i'm very open to being convinced otherwise here) is that disabling this would disable CET for sudo:i386 when running under
an amd64 kernel, in order to allow a i586 to run a i686 binary. paultag -- ⢀⣴⠾⠻⢶⣦⠀ Paul Tagliamonte <paultag> ⣾⠁⢠⠒⠀⣿⡁ https://people.debian.org/~paultag | https://pault.ag/ ⢿⡄⠘⠷⠚⠋ Debian, the universal operating system. ⠈⠳⣄⠀⠀ 4096R / FEF2 EB20 16E6 A856 B98C E820 2DCD 6B5D E858 ADF3
Attachment:
signature.asc
Description: PGP signature