[pkg-go] Security support for packages written in Go
Tianon Gravi
tianon at debian.org
Tue Apr 5 21:50:57 UTC 2016
On 5 April 2016 at 14:47, Florian Weimer <fw at deneb.enyo.de> wrote:
> We currently need these intermediate dependencies to discover all the
> affected applications. So perhaps dh_golang needs to construct the
> transitive closure, instead of listing just immediate build
> dependencies. If we don't want to put this information into the
> Packages file, maybe we can keep it in the separate debuginfo
> packages.
It _should_ be possible to adjust dh_golang to use "go list" in order
to determine the exact full set of Go packages which the application
code depends on, and then use _that_ list to cross-reference the files
in /usr/share/gocode to get the real list of packages for Built-Using
( haven't verified whether it's feasible for dh_golang to do this, but
it's pretty similar to how it's currently using "go list" to gather
the list of packages to actually build).
♥,
- Tianon
4096R / B42F 6819 007F 00F8 8E36 4FD4 036A 9C25 BF35 7DD4
More information about the Pkg-go-maintainers
mailing list