[pkg-go] Security support for packages written in Go
Martín Ferrari
tincho at tincho.org
Thu Jul 7 10:40:10 UTC 2016
On 06/07/16 20:59, Moritz Mühlenhoff wrote:
> What's the current status? Is there technical progress compared to what was
> discussed in April? The freeze is coming really close and we can't support
> the status quo for stretch.
The discussion stalled at that point. AFAIK, there is no technical
solution for this. The best we could do is to have easier ways to track
dependency chains, but that does not change the fact that all golang
applications are still statically built, and so would require rebuilds
when security bugs are discovered and fixed.
I understand this is problematic, but not sure we can do anything about
it at this point.
--
Martín Ferrari (Tincho)
More information about the Pkg-go-maintainers
mailing list