[pkg-go] Security support for packages written in Go
Dmitry Smirnov
onlyjob at debian.org
Fri Jul 8 03:35:09 UTC 2016
On Wednesday, 6 July 2016 9:59:32 PM AEST Moritz Mühlenhoff wrote:
> What's the current status? Is there technical progress compared to what was
> discussed in April? The freeze is coming really close and we can't support
> the status quo for stretch.
Perhaps I'm not the best person to speak on the matter as I've never touched
any Golang tools except dh-golang. Situation with Golab libraries is not
ideal (to say the least) but I understand that Golang is not the only
language without concept of dynamic linking. As I recall someone mentioned
Haskell as another example.
It is my understanding that when vulnerability is fixed in Golang library it
should be sufficient to NMU (re-build) all reverse dependencies.
I believe that Golang stuff that we've packaged should become part of next
release even without security support. Debian simply won't be competitive
without container tools so excluding Golang is not an option.
IMHO shipping container-related software should be our strategic priority for
next release.
--
Cheers,
Dmitry Smirnov.
---
In individuals, insanity is rare; but in groups, parties, nations and
epochs, it is the rule.
-- Friedrich Nietzsche
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-go-maintainers/attachments/20160708/0cf4394c/attachment-0001.sig>
More information about the Pkg-go-maintainers
mailing list