I notice that amd64-microcode and intel-microcode haven't been updated in stable this year. (Indeed, amd64-microcode hasn't been updated at all this year, but I know AMD has issued an update!) You have updated intel-microcode in backports suites instead.

What's the reasoning behind this? I would expect all microcode updates to meet the criteria for a stable update (fixing instability or data loss bugs) or security update.

As you probably know, updated microcode is needed to mitigate against Spectre v2 when running code that has not been rebuilt with the "retpoline" mitigation, such as when making BIOS/UEFI calls. I think it's also needed to support Spectre v2 mitigation in KVM guests running Windows.

The Linux kernel in stretch has had support for the microcode-based mitigation since version 4.9.82-1+deb9u1. I'm currently working on backporting these changes to jessie, so microcode updates would be useful there too.

Ben.

-- 
Ben Hutchings
Unix is many things to many people, but it's never been everything to anybody.