Control: tags -1 patch On Fri, 26 Apr 2019 10:29:58 +0000 Holger Levsen <holger@layer-acht.org> wrote: > package: release-notes > > This is already an issue in Stretch (e.g. #922170), but will be much > > worse in Buster, so unless someone reliably commits to work on > > this ASAP the available options are to drop everything Go apart > > from the toolchain packages from buster or exclude of all that mess > > from security updates so that people know what they can expect. > > filing a bug (in coordination with Moritz) so this doesnt get forgotten. I have pushed a first version (attached). Paul
From f9cea40327e80aa405fc3878a54fcb4cad313027 Mon Sep 17 00:00:00 2001 From: Paul Gevers <elbrus@debian.org> Date: Mon, 3 Jun 2019 22:06:13 +0200 Subject: [PATCH] issues.dbk: Go and static linking Closes: #928026 --- en/issues.dbk | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/en/issues.dbk b/en/issues.dbk index 481df49b..14993901 100644 --- a/en/issues.dbk +++ b/en/issues.dbk @@ -506,6 +506,22 @@ $ sudo update-initramfs -u The same strategy will be applied for Thunderbird. </para> </section> + + <section id="golang-static-linking"> + <title>Go based packages</title> + <para> + The Debian infrastructure currently doesn't properly enable rebuilding + packages that statically link parts of other packages on a large + scale. Until buster that hasn't been a problem in practice, but with the + growth of the Go ecosystems it means that Go based packages won't be + covered by regular security support until the infrastructure is improved + to cope with these kind of packages in a maintainable manner. + </para> + <para> + If updates are warranted, they can only come via regular point releases + and thus may be deployed late. + </para> + </section> </section> <section id="package-specific-issues"> -- 2.20.1
Attachment:
signature.asc
Description: OpenPGP digital signature