[pkg-go] [pkg-golang-devel] Security support for packages written in Go
Moritz Mühlenhoff
jmm at inutil.org
Wed Jul 13 07:17:48 UTC 2016
On Mon, Jul 11, 2016 at 05:41:52PM +1000, Dmitry Smirnov wrote:
> On Monday, 11 July 2016 9:22:12 AM AEST Florian Weimer wrote:
> > Hmm. I poked at a few packages, and here is what I found:
> > golang-siphash-dev does not have any Built-Using header.
> > golang-gopkg-tylerb-graceful.v1-dev does not list golang-x-text,
> > although its dependency golang-golang-x-net-dev was built using it.
> > (I'm looking at unstable.)
>
> But you are looking at wrong packages. -dev packages are just sources that
> strictly speaking are not "built" but more like "validated" on build time.
>
> You do not need to re-build source/-dev packages so they do not have Built-
> Using header intentionally. What you need to be looking at is arch:any binary
> packages built from go sources involving multiple libraries.
>
> Examples of Golang executables include docker.io, containerd, etcd, grafana,
> runc, acbuild, docker2aci, influxdb, rkt, consul, fleet, nomad, skydns,
> kubernetes-{node|master|client}, etc.
To have some hard numbers: If golang itselfs needs an update, how many
packages need a rebuild?
Cheers,
Moritz
More information about the Pkg-go-maintainers
mailing list