[pkg-golang-devel] [pkg-go] Security support for packages written in Go

Paul Tagliamonte paultag at debian.org
Tue Apr 5 22:05:21 UTC 2016


Love this idea, I wonder if the Import-Path XS header could help resolve
packages in a proof of concept
On Apr 5, 2016 5:54 PM, "Tianon Gravi" <tianon at debian.org> wrote:

> On 5 April 2016 at 14:47, Florian Weimer <fw at deneb.enyo.de> wrote:
> > We currently need these intermediate dependencies to discover all the
> > affected applications.  So perhaps dh_golang needs to construct the
> > transitive closure, instead of listing just immediate build
> > dependencies.  If we don't want to put this information into the
> > Packages file, maybe we can keep it in the separate debuginfo
> > packages.
>
> It _should_ be possible to adjust dh_golang to use "go list" in order
> to determine the exact full set of Go packages which the application
> code depends on, and then use _that_ list to cross-reference the files
> in /usr/share/gocode to get the real list of packages for Built-Using
> ( haven't verified whether it's feasible for dh_golang to do this, but
> it's pretty similar to how it's currently using "go list" to gather
> the list of packages to actually build).
>
> ♥,
> - Tianon
>   4096R / B42F 6819 007F 00F8 8E36  4FD4 036A 9C25 BF35 7DD4
>
> _______________________________________________
> Pkg-go-maintainers mailing list
> Pkg-go-maintainers at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-go-maintainers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-golang-devel/attachments/20160405/bd0eb96a/attachment-0001.html>


More information about the pkg-golang-devel mailing list