Re: Limited security support for Go/Rust? Re ssh3

To: debian-devel@lists.debian.org
Subject: Re: Limited security support for Go/Rust? Re ssh3
From: Robert Edmonds <edmonds@debian.org>
Date: Sun, 14 Jan 2024 11:53:50 -0500
Message-id: <[🔎] ZaQRnu-kX0Wxa5UM@mycre.ws>
In-reply-to: <[🔎] 87v87wrl86.fsf@kaka.sjd.se>
References: <87cyup5mix.fsf@kaka.sjd.se> <1fe67b9f-f332-4239-9f96-3d780c0e8106@debian.org> <ZZARdHGmUlUZZa0o@riva.ucam.org> <87cyup5mix.fsf@kaka.sjd.se> <a9c550619c1944fe6db7ea33b27774e0f8d75e6e.camel@posteo.de> <[🔎] 874jfgtffd.fsf_-_@kaka.sjd.se> <[🔎] 20240114111729.rhi7eekkd3h5fpjg@shell.thinkmo.de> <[🔎] 87v87wrl86.fsf@kaka.sjd.se>

Simon Josefsson wrote:
> Isn't that what the text refers to?  Vendoring and static linking are
> two examples of the same problem that the security team may encounter.
> The problem with dependencies are more obvious for Go/Rust code but I
> think we always have had that problem anyway.

Another example of this class of problem is header only C++ libraries.

-- 
Robert Edmonds
edmonds@debian.org

Reply to:

References:
- Limited security support for Go/Rust? Re ssh3
  - From: Simon Josefsson <simon@josefsson.org>
- Re: Limited security support for Go/Rust? Re ssh3
  - From: Bastian Blank <waldi@debian.org>
- Re: Limited security support for Go/Rust? Re ssh3
  - From: Simon Josefsson <simon@josefsson.org>

Prev by Date: Bug#1060805: ITP: pusimp -- prevent user-site imports
Next by Date: Bug#1060810: ITP: golang-github-sassoftware-go-rpmutils -- Golang implementation of parsing RPM packages
Previous by thread: Re: Limited security support for Go/Rust? Re ssh3
Next by thread: Re: Limited security support for Go/Rust? Re ssh3
Index(es):
- Date
- Thread