[pkg-go] Bug#1023290: golang-raven-go: Include outdated copy of CA bundles
Shengjing Zhu
zhsj at debian.org
Tue Nov 1 19:56:40 GMT 2022
Source: golang-raven-go
Version: 0.2.0+ds1-2
Severity: serious
Tags: security
X-Debbugs-Cc: zhsj at debian.org, praveen at debian.org
Hi Pirate Praveen,
In 2018, you said we should not package golang-github-certifi-gocertifi[1],
as we should use the system CA bundles.
But why you include that in the vendor dir[2] in golang-raven-go?
[1] https://lists.debian.org/debian-go/2018/12/msg00065.html
[2] https://salsa.debian.org/go-team/packages/golang-raven-go/-/tree/debian/0.2.0+ds1-1/vendor/github.com/certifi/gocertifi
More information about the Pkg-go-maintainers
mailing list