[pkg-golang-devel] [SECURITY] [DLA 1664-1] golang security update
Chris Lamb
lamby at debian.org
Fri Feb 8 16:31:05 GMT 2019
Hi Tobias,
> $ grep-dctrl -FBuild-Depends golang-go -w -sPackage
> /var/lib/apt/lists/*Sources
[..]
>
> Please note that there are probably a lot of false positives in this
> list, because not every package uses crypto/elliptic.
Indeed. So how reliable would it be to look for "crypto/elliptic"
and skip those? I fear that might accidentally exclude packages due
to transitive imports / Build-Depends or similar?
Or: should I just save effort and upload the lot?
> Please note that I was not able to get build-rdeps to run in a
> jessie chroot
(Ah, not just me then; I needed to hack the "sid|unstable" bit in
the code but didn't want to yak-shave that at the time!)
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` lamby at debian.org 🍥 chris-lamb.co.uk
`-
More information about the pkg-golang-devel
mailing list