Comment 5 for bug 1388889

I am the Debian upstream for both packages (intel-microcode and iucode-tool), and upstream author for iucode-tool.

Thank you for the kind comments on iucode-tool :-)

As for intel-microcode, you guys are dealing with an outdated package version. The new one in Debian addresses the Haswell microcode update issue by switching to enforced early initramfs mode updates...

This simplified the packaging a lot, but it also means there were extensive changes to all scripts, so the intel-microcode security analysis likely needs to be redone when you resync with Debian.

Also, the intel-microcode package version you're considering can be a hazard when dealing with Intel microcode updates with visible effects at the ISA level, like the Haswell "disable TSX" microcode update. It can result in an unusable system, as your QA team found out, which forced you guys to revert to the previous Intel microcode update data.

The newer version of intel-microcode in Debian enforces the safe use of early microcode updates, which allows the use of Intel microcode update data 20140913 and newer. You should consider a resync as soon as pratical.