[pkg-go] Go security support in buster
Salvatore Bonaccorso
carnil at debian.org
Thu Sep 6 05:27:00 BST 2018
Hi Florian,
On Wed, Sep 05, 2018 at 08:34:10PM +0200, Florian Weimer wrote:
> * Michael Stapelberg:
>
> > I thought haskell was in a similar boat? They have tooling to schedule
> > binNMUs for affected packages.
>
> My understanding is that you can't simply schedule binNMUs on the
> security archive because the security archive does not have the
> sources until the first upload of the package. (But I'm a bit out of
> touch; this may have changed.)
That is still right. A while ago I filled
https://bugs.debian.org/823820 (which is more specific for uploads
with Build-Using) but maybe the idea can be generalized here. Given we
cannot schedule binNMUs right now on security-master if the source is
not yet available and need a sourcefull upload in those cases.
Regards,
Salvatore
More information about the Pkg-go-maintainers
mailing list