From: wrar@debian.org 
  
 On Thu, Aug 21, 2025 at 06:53:48PM +0200, Marcos Del Sol Vives wrote: 
 >>> Would it be acceptable to, rather than disable it entirely as previously 
 >>> proposed, enable CET only when compiling for IA64 (amd64), but not for 
 any 
 >>> other architecture? 
 >> 
 >> I think you are mixing up IA64 (Intel Itanium), a non-x86 instruction set 
 from Intel, with amd64/x86_64 (also known as EM64T or Intel 64), a 64-bit 
 expansion of the x86 instruction set. They are not the same thing, even 
 though 
 x86 is also referred to 
 as IA32: you might reasonably expect that the 64-bit expansion/replacement 
 of 
 IA32 would be called IA64, but because of how Intel have chosen to name 
 their 
 products, that is not actually true. (I agree that this naming is extremely 
 confusing.) 
 >> 
 >> Typical 64-bit "PC" laptops/desktops/servers are x86_64 machines that can 
 (hopefully) run Debian's amd64 architecture, regardless of whether their CPU 
 was manufactured by Intel, AMD or someone else. 
 >> 
 >> If you want to get security-sensitive changes merged for the benefit of 
 these architectures, it will probably go better if you are clear about which 
 architecture you are talking about! 
 >> 
 >> (Another relevant source of confusion is that 32-bit x86 is not the same 
 thing as x32.) 
 >> 
 >> €€€€€€ smcv 
 > 
 >Hey. 
 > 
 >I was incorrectly referring with IA64 not to Itanium but to x86-64 aka AMD64 
 aka long mode, as IA32 is indeed x86. My bad! The x86 naming scheme is 
 indeed 
 a pretty convoluted one. 
 > 
 >Anyhow, my point would be the same: maybe keep CET only for amd64, and 
 disable it for the rest: 
  
 Well you've already got the answer to this question specifically (back in 
 2023) but you should also consider that the baseline for i386 in trixie is 
 no longer suitable for you anyway. 
  
 -- 
 WBR, wRAR 
  
 -----BEGIN PGP SIGNATURE----- 
  
 iQJhBAABCgBLFiEEolIP6gqGcKZh3YxVM2L3AxpJkuEFAminV8stFIAAAAAAFQAP 
 cGthLWFkZHJlc3NAZ251cGcub3Jnd3JhckBkZWJpYW4ub3JnAAoJEDNi9wMaSZLh 
 RnIP+wXwbDfSkMa66D6riiitDtsNFimA7EgC6lqNLuJAmLQl9oHEOHGVLq6aMtmx 
 x+jVbR9VNpPvtw9ZUs/RJEodI7/BvvFJvZCZZseB2jhQD4ueDEGXBctFJy/vYVd0 
 S4WbfaVHiZJjUW7zR+YAOvewb1ZMD7qxcVZoUnuumUS9gUDN5NCbQBE0XbrfvWXJ 
 2SG239hKTVYL7Z6lL4DJt5Kzb2dzM3fRblgGLL19JnMM1nARv+Id6YRYhzn2Ojwt 
 wMF+9OZH5wpA5Oofh5NiK1rV+fwuvyVGU6FvkJnhOO87PjfIR3sfM0loZXi1Jwuj 
 k4odloJPQl4V+teT26ZCNN1THact3Wl/9g0eQq7Qx1phaArHiZ70QWRL7Sh+J6M9 
 UkDTFYhnlVR7uWze7bGkKiglOxQjjtHu+/ZeXZhKIJnPKw27rj8Ldv/ZKUXmMzd9 
 JzSSM1xD6b48pFEoFffGDxYsQrliaUv/ocaegU99NVFvtwYq+k6mItnLfp9szMeD 
 H5vefGvuqG0hCOQtrDuQe1XXFdiGnY/KLZSK886uwmUyvsWGJO2UkyUgJgbu+j+i 
 cyKS4fVIb+x+gU9kcJ27uzTj7u7UeKk349BDVXYw8C754ljX0BG48dJO0EA+a2pf 
 3Ht18yMMgHpjO0Ksb8NUedxRIGW+uKJgiRsvMA+U6D1I7sBj 
 =DODD 
 -----END PGP SIGNATURE----- 
  
 --- SoupGate-Win32 v1.05 
  * Origin: you cannot sedate... all the things you hate (1:229/2)