With recent interest in java programs like I2P, I wonder if I should revert clflush restrictions to make things easier by default? (used by rowhammer and side-chanel attacks)
Technically i386 openjdk is a good workaround but it depends on how long we expect Debian to carry ths arch.
If you think its worth keeping this restriction around make a note on phabricator to test it out and document it.