On Wed, Nov 19, 2025 at 08:31:28PM +0100, Christoph Berg wrote:
I am calling for votes on this ballot:[A] The TC advises the sudo maintainer to update the sudo package in bookworm such that on the i386 architecture, the `-fcf-protection` compiler flag is no longer used. [F] Further discussion.
I'm incredibly grateful to patient explinations from Marcos; it took me a second to catch up, but I understand it now thanks to your explanations and refs.
This bug winds up with me feeling pretty good about Debian, all in all. Marc is doing an exceptional job maintaining sudo, and the thought that has gone into his cautious approach to changes from upstream is not lost
on me.I don't see any technical reason why this isn't a safe and Debian policy-aligned change to those running sudo on i386.
In addition, upstream has accepted a similar patch.Last note: At the end of the day, what we do with bookworm is ultimately up to the (old?)stable release managers -- bookworm (albeit the last full "i386" [read: i686] release), is still now oldstable. While it's not officially EOL until June 2026, there is still work to be done to socalize this change further in order to actually update bookworm.
Thank you both very much. I vote A > F -- ⢀⣴⠾⠻⢶⣦⠀ Paul Tagliamonte <paultag> ⣾⠁⢠⠒⠀⣿⡁ https://people.debian.org/~paultag | https://pault.ag/ ⢿⡄⠘⠷⠚⠋ Debian, the universal operating system. ⠈⠳⣄⠀⠀ 4096R / FEF2 EB20 16E6 A856 B98C E820 2DCD 6B5D E858 ADF3
signature.asc
Description: PGP signature
