[pkg-golang-devel] [SECURITY] [DLA 1664-1] golang security update
Chris Lamb
lamby at debian.org
Fri Feb 8 15:20:48 GMT 2019
Hi all,
> > There is no sensible way to schedule binnmu's via security. So far none
> > appeared AFAIK.
[…]
> thanks for the quick feedback still!
Indeed thanks for the feedback. Looking into this quickly from a
jessie chroot:
$ build-rdeps golang
Reverse Build-depends in main:
------------------------------
heartbleeder
golang-gocapability-dev
aptly
Assuming that is right (it seems a curiously small number to me...)
I then believe we may only need sourceful uploads of:
* aptly
* heartbleeder
... as golang-gocapability-dev does not import "crypto/elliptic".
However, it could be using it transitively so it might be worth
uploading just in case.
Sound sensible?
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` lamby at debian.org 🍥 chris-lamb.co.uk
`-
More information about the pkg-golang-devel
mailing list