[pkg-go] [pkg-golang-devel] Security support for packages written in Go
Florian Weimer
fw at deneb.enyo.de
Mon Jul 11 07:22:12 UTC 2016
* Michael Hudson-Doyle:
> On 10 July 2016 at 07:39, Florian Weimer <fw at deneb.enyo.de> wrote:
>> * Dmitry Smirnov:
>>
>>> On Friday, 8 July 2016 8:53:20 AM AEST Florian Weimer wrote:
>>>> Part of the problem is that we currently lack a decent way to list all
>>>> these reverse dependencies.
>>>
>>> We can get list of all source packages to re-build from reverse build
>>> dependencies. Then it should be possible to filter arch:any
>>> packages to bin-
>>> NMU.
>>>
>>> Alternatively Built-Using field could be of help.
>>
>> We already discussed why this doesn't work with the present state of
>> the metadata.
>
> Do you mean the "B-U is only direct dependencies" problem? That's
> fixed now.
Hmm. I poked at a few packages, and here is what I found:
golang-siphash-dev does not have any Built-Using header.
golang-gopkg-tylerb-graceful.v1-dev does not list golang-x-text,
although its dependency golang-golang-x-net-dev was built using it.
(I'm looking at unstable.)
Would this be fixable through a mass rebuild?
> Was there something else?
The dependency-generating script does not end up in Built-Using.
I think we discussed including its version at some point.
More information about the Pkg-go-maintainers
mailing list