[pkg-go] Go security support in buster

Michael Stapelberg stapelberg at debian.org
Wed Sep 5 15:59:19 BST 2018


Aside from ratt, I also have a more specific tool to calculate binNMUs.
There’s also
https://ftp-master.debian.org/users/ansgar/outdated-built-using.txt, which
might suffice.

That said, I’m not sure merely identifying binNMUs is what’s required here…?

On Wed, Sep 5, 2018 at 4:51 PM, Stephen Gelman <ssgelm at gmail.com> wrote:

> Is this something that ratt could help with?  The general idea is similar:
> when a dependency changes the security team needs to know what other
> packages depend on it that need to be binNUM’d.
>
> Stephen
>
>
> On Sep 4, 2018, at 1:27 AM, Michael Stapelberg <stapelberg at debian.org>
> wrote:
>
> I thought haskell was in a similar boat? They have tooling to schedule
> binNMUs for affected packages.
>
> If you can outline in more specific steps what needs to be done, maybe we
> can find someone to do the work. Right now, I have no familiarity with
> Debian’s archive infrastructure.
>
> On Mon, Sep 3, 2018 at 11:42 PM, Moritz Muehlenhoff <jmm at inutil.org>
> wrote:
>
>> Hi,
>> there were earlier discussions about this before (2015 or so),
>> but this is now becoming critical for buster, see my original
>> mail to the release team:
>> https://lists.debian.org/debian-release/2018/07/msg00002.html
>>
>> If Go-based applications are to be included in Debian buster
>> and covered by security support, someone needs to step up
>> and implement a solution for this.
>>
>> Cheers,
>>         Moritz
>>
>> _______________________________________________
>> Pkg-go-maintainers mailing list
>> Pkg-go-maintainers at alioth-lists.debian.net
>> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg
>> -go-maintainers
>
>
>
>
> --
> Best regards,
> Michael
> _______________________________________________
> Pkg-go-maintainers mailing list
> Pkg-go-maintainers at alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/
> pkg-go-maintainers
>
>
>


-- 
Best regards,
Michael
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-go-maintainers/attachments/20180905/b5d912ea/attachment.html>


More information about the Pkg-go-maintainers mailing list