Isn’t supporting 32-bit apps on a 64-bit OS a security concern though? I thought that’s why some linux distros were disabling 32-bit repositories by default on their 64-bit versions
Distros are shutting down system 32bit repos, because they require effort to be maintained: people who patch possible security holes, and people who test and package them. As most people have switched to 64bit systems, developers are no longer maintaining 32bit versions, no longer patching them, and barely anybody cares to check or run them, so any possible security flaws can slip through.
This is all irrelevant if you run stuff in a VM, or a container: so it has a security flaw? Cool, let it get… nothing, it’s contained.
Games running in a contained Wine, or in a OS container, can have all the security flaws they want, who cares. Games also rarely get security patches, or any kind of patches at all, so running them contained should be standard practice anyway.
32-bit apps use a sub-set of the same instructions that still exist on current 64-bit systems. Running 64-bit alone does nothing to eliminate any flaws, real or imagined, from the 32-bit side of things.
As @jarfil@jarfil@beehaw.org has stated, 32 bit repos are being de-listed because no one can be bothered to maintain them, and that lack of code and functional review could allow flaws to slip through. Meanwhile, a lot of those same 32-bit repos continue to exist(as community-maintained versions - my preferrence anyways) and can be accessed by interested users from most distros. They aren’t blocked, just de-listed and unsupported by those distro maintainers.
Thanks for the explanation! I didn’t realize it was mostly a maintenance limitation, I thought maybe 32-bit instructions could be an extra attack vector on a physical CPU instruction level or something like that.
Isn’t supporting 32-bit apps on a 64-bit OS a security concern though? I thought that’s why some linux distros were disabling 32-bit repositories by default on their 64-bit versions
Not by itself.
Distros are shutting down system 32bit repos, because they require effort to be maintained: people who patch possible security holes, and people who test and package them. As most people have switched to 64bit systems, developers are no longer maintaining 32bit versions, no longer patching them, and barely anybody cares to check or run them, so any possible security flaws can slip through.
This is all irrelevant if you run stuff in a VM, or a container: so it has a security flaw? Cool, let it get… nothing, it’s contained.
Games running in a contained Wine, or in a OS container, can have all the security flaws they want, who cares. Games also rarely get security patches, or any kind of patches at all, so running them contained should be standard practice anyway.
32-bit apps use a sub-set of the same instructions that still exist on current 64-bit systems. Running 64-bit alone does nothing to eliminate any flaws, real or imagined, from the 32-bit side of things.
As @jarfil@jarfil@beehaw.org has stated, 32 bit repos are being de-listed because no one can be bothered to maintain them, and that lack of code and functional review could allow flaws to slip through. Meanwhile, a lot of those same 32-bit repos continue to exist(as community-maintained versions - my preferrence anyways) and can be accessed by interested users from most distros. They aren’t blocked, just de-listed and unsupported by those distro maintainers.
Thanks for the explanation! I didn’t realize it was mostly a maintenance limitation, I thought maybe 32-bit instructions could be an extra attack vector on a physical CPU instruction level or something like that.