[pkg-go] Security support for packages written in Go

Tianon Gravi tianon at debian.org
Tue Apr 5 21:50:57 UTC 2016


On 5 April 2016 at 14:47, Florian Weimer <fw at deneb.enyo.de> wrote:
> We currently need these intermediate dependencies to discover all the
> affected applications.  So perhaps dh_golang needs to construct the
> transitive closure, instead of listing just immediate build
> dependencies.  If we don't want to put this information into the
> Packages file, maybe we can keep it in the separate debuginfo
> packages.

It _should_ be possible to adjust dh_golang to use "go list" in order
to determine the exact full set of Go packages which the application
code depends on, and then use _that_ list to cross-reference the files
in /usr/share/gocode to get the real list of packages for Built-Using
( haven't verified whether it's feasible for dh_golang to do this, but
it's pretty similar to how it's currently using "go list" to gather
the list of packages to actually build).

♥,
- Tianon
  4096R / B42F 6819 007F 00F8 8E36  4FD4 036A 9C25 BF35 7DD4



More information about the Pkg-go-maintainers mailing list