[LUG] Debian Security Advisory and CPUs

 

Interesting dilemma, although not new.

The latest Intel x86 speculative execution side channel attack requires non-free packages in Debian to resolve.

Of course, non-free doesn’t get security team support as it is not officially part of Debian.

Just emphasizes for me the non-free blob thing isn’t working for most platforms. You really do need non-free on most hardware. Although it feels to me like there is a qualitative difference between software you need to make hardware work, and end user applications.

I suspect the right approach to most of these side channel attacks is to make sure you aren’t hosting a cloud, or running untrusted software. If you are doing those things you probably need a detailed plan to address risk from hardware side channels as well as other more potent risks. Otherwise I’d be tempted to ignore them, as with most of the workarounds you are releasing more CO2, and losing performance, for minimal security gains.

https://www.debian.org/security/2018/dsa-4279


-- 
The Mailing List for the Devon & Cornwall LUG
https://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq