[pkg-go] [pkg-golang-devel] Security support for packages written in Go

Dmitry Smirnov onlyjob at debian.org
Mon Jul 11 07:41:52 UTC 2016


On Monday, 11 July 2016 9:22:12 AM AEST Florian Weimer wrote:
> Hmm.  I poked at a few packages, and here is what I found:
> golang-siphash-dev does not have any Built-Using header.
> golang-gopkg-tylerb-graceful.v1-dev does not list golang-x-text,
> although its dependency golang-golang-x-net-dev was built using it.
> (I'm looking at unstable.)

But you are looking at wrong packages. -dev packages are just sources that 
strictly speaking are not "built" but more like "validated" on build time.

You do not need to re-build source/-dev packages so they do not have Built-
Using header intentionally. What you need to be looking at is arch:any binary 
packages built from go sources involving multiple libraries.

Examples of Golang executables include docker.io, containerd, etcd, grafana, 
runc, acbuild, docker2aci, influxdb, rkt, consul, fleet, nomad, skydns, 
kubernetes-{node|master|client}, etc.

-- 
All the best,
 Dmitry Smirnov.

---

To swallow and follow, whether old doctrine or new propaganda, is a
weakness still dominating the human mind.
        -- Charlotte P. Gilman
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-go-maintainers/attachments/20160711/e603b8bb/attachment.sig>


More information about the Pkg-go-maintainers mailing list