[pkg-go] Go security support in buster

Salvatore Bonaccorso carnil at debian.org
Thu Sep 6 05:27:00 BST 2018

Hi Florian,

On Wed, Sep 05, 2018 at 08:34:10PM +0200, Florian Weimer wrote:
> * Michael Stapelberg:
> > I thought haskell was in a similar boat? They have tooling to schedule
> > binNMUs for affected packages.
> My understanding is that you can't simply schedule binNMUs on the
> security archive because the security archive does not have the
> sources until the first upload of the package.  (But I'm a bit out of
> touch; this may have changed.)

That is still right. A while ago I filled
https://bugs.debian.org/823820 (which is more specific for uploads
with Build-Using) but maybe the idea can be generalized here. Given we
cannot schedule binNMUs right now on security-master if the source is
not yet available and need a sourcefull upload in those cases.


More information about the Pkg-go-maintainers mailing list