On Fri, Jul 15, 2022 at 7:51 AM Ben Hutchings <b...@decadent.org.uk> wrote:
> On Wed, 2022-06-22 at 10:05 +0200, Graham Inggs wrote:
> > Hi,
> >
> > As part of the interim architecture qualification for bookworm, we
> > request that DSA, the security team, Wanna build, and the toolchain
> > maintainers review and update their list of known concerns for bookworm
> > release architectures.
> >
> > If the issues and concerns from you or your team are not up to date,
> > then please follow up to this email (keeping debian-release@l.d.o in CC
> > to ensure we are notified).
> >
> > In particular, we would like to hear any new concerns for riscv64
> > (see below).
> >
> > Whilst porters remain ultimately responsible for ensuring the
> > architectures are ready for release, we do expect that you / your team
> > are willing to assist with clarifications of the concerns and to apply
> > patches/changes in a timely manner to resolve the concerns.
> [...]
>
> For i386, I have some concerns about upstream support of the Linux
> kernel. CPU security mitigations for x86 are concentrated on amd64,
> with i386 being left behind. Mitigation of Meltdown required a
> different implementation for i386 that was completed months after the
> public disclosure and was never backported to stable branches. More
> recently it became clear that mitigation of RETbleed was never tested
> on i386, since it didn't even compile there.
>
> More generally, on 32-bit systems Linux can only directly access about
> 1 GiB of RAM, and support for large amounts of additional RAM (highmem)
> has been steadily regressing. This is not likely to be fixed.
>
> This is not to say that i386, or 32-bit architectures, should be
> dropped as a whole. We've supported installing a 64-bit kernel on i386
> since etch, though it now requires adding amd64 as a foreign
> architecture. I do think that at some time soon we should stop
> releasing kernel binaries or an installer for i386.
>

i386 is ancient in tech terms; it was introduced in 1985.
If Debian wants to keep supporting a 32-bit OS then it should bump up to i686. i686 supports Pentium 4 and later processors. I do not imagine anyone using a CPU older than Pentium 4, and if they are, it is time to upgrade. An Intel Core 2 Duo CPU is dirt cheap and supports 4GB of RAM.

> (If we don't make that change for bookworm, then we should probably
> strongly encourage users to use 64-bit kernels on 64-bit capable
> hardware, and document how to install a foreign kernel package.)
>
> Ben.
>
>
> --
> Ben Hutchings
> Unix is many things to many people,
> but it's never been everything to anybody.
>

--
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
⠈⠳⣄⠀⠀