[pkg-go] Security support for packages written in Go

Florian Weimer fw at deneb.enyo.de
Fri Jul 8 06:53:20 UTC 2016


* Dmitry Smirnov:

> On Wednesday, 6 July 2016 9:59:32 PM AEST Moritz Mühlenhoff wrote:
>> What's the current status? Is there technical progress compared to what was
>> discussed in April? The freeze is coming really close and we can't support
>> the status quo for stretch.
>
> Perhaps I'm not the best person to speak on the matter as I've never
> touched any Golang tools except dh-golang. The situation with Golang
> libraries is not ideal (to say the least) but I understand that
> Golang is not the only language without a concept of dynamic
> linking. As I recall someone mentioned Haskell as another example.
>
> It is my understanding that when a vulnerability is fixed in a Golang
> library it should be sufficient to NMU (re-build) all reverse
> dependencies.

Part of the problem is that we currently lack a decent way to list all
these reverse dependencies.
