-
intrigeri authored
On the short term, this allows us to get the mitigation against Spectre (CVE-2017-5715). While this could be done via our freeze exception mechanism, instead I chose to bump APT snapshots and add APT pinning to install these packages from sid for the foreseeable future: keeping CPU microcode up-to-date has become an important factor in securing systems these days and such security updates land faster in sid than anywhere else in Debian.
9e6aec2c