[pkg-golang-devel] [SECURITY] [DLA 1664-1] golang security update
Holger Levsen
holger at layer-acht.org
Wed Feb 6 23:24:34 GMT 2019
Dear golang maintainers and security team,
this came up on the LTS mailing list...
On Wed, Feb 06, 2019 at 11:42:12PM +0100, Chris Lamb wrote:
> > all golang Debian packages are (as elsewhere) statically compiled
> > and linked so we'd need to rebuild all the rdeps
> Hm. Can we avoid /all/ the rdeps? I mean, grep the rdeps for ones
> that use this library?
how was this handled for DSA-4379 and 4380?
--
tschau,
Holger
-------------------------------------------------------------------------------
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-golang-devel/attachments/20190206/7e454e15/attachment.sig>
More information about the pkg-golang-devel
mailing list