Re: GitHub Open Source Survey 2017
On Wed, 07 Jun 2017, Christian Seiler wrote:
> Am 2017-06-06 22:19, schrieb Adam Borowski:
> >Or
> >that you can sanely run x86 without at least {intel,amd64}-microcode.
>
> Well, on some systems you can install BIOS/UEFI updates that will
> load newer microcode very early in the boot process. In that case
> you really don't need the {intel-amd64}-microcode packages, and
> you could potentially run just Debian main without any non-free
> software on the disk.
Provided that the system vendor issues timely updates and you check for
new updates (and install them) frequently. That would be doing it
monthly or at most once every two months for recent systems... All of
you, owners of Intel Skylake, Intel Kaby Lake, and AMD Ryzen systems,
are doing just that, aren't you?
Because if you aren't, you are at a much higher than usual risk of data
corruption and system misbehavior.
And, unfortunately, even if you do, you could easily be still at risk:
Too many system vendors are BAD at issuing regular firmware updates, and
there are those that issue BIOS updates but stop updating the microcode
inside.
So, and I *am* sorry to say this, users in the general case *are* much
better off with intel-microcode and amd64-microcode installed.
That would be the only reason I actually bother taking care of those two
packages: it is not like I get paid to do it, and it is not relevant to
my job either. And it takes an annoying amount of effort to try to
track down what a microcode update might be fixing[1].
[1] only to find out it *is* indeed fixing critical defects, so you know
you will not be able to talk yourself out of doing the job when the next
update is released, either :-(
--
Henrique Holschuh
Reply to: