http://bugs.winehq.org/show_bug.cgi?id=59079
--- Comment #7 from actium@gmx.net --- (In reply to Zeb Figura from comment #6)
Isn't "dedicated server use, where OS security support is a hard requirement" kind of inherently at odds with a very new feature like ntsync?
I do (naively) presume that ntsync doesn't increase the overall system attack surface, particularly facing the internet. Regardless, it is an upstream kernel feature and thus covered by the Linux kernel security team and distribution security teams. In combination with unattended-upgrades and automatic reboots, that should deliver decent, low-overhead security on Debian Stable. Forky/Testing does not enjoy the same level of security incident response. This relates to the whole system including all internet-facing services and not just ntsync and Wine.
With regards to wine, I'm more worried about the attack surface of the windows binaries. But that is best left to sandboxing and prayer ...