Control: tags -1 patch On Fri, 26 Apr 2019 10:29:58 +0000 Holger Levsen <holger@layer-acht.org> wrote: > package: release-notes > > This is already an issue in Stretch (e.g. #922170), but will be much > > worse in Buster, so unless someone reliably commits to work on > > this ASAP the available options are to drop everything Go apart > > from the toolchain packages from buster or exclude of all that mess > > from security updates so that people know what they can expect. > > filing a bug (in coordination with Moritz) so this doesnt get forgotten. I have pushed a first version (attached). Paul
From f9cea40327e80aa405fc3878a54fcb4cad313027 Mon Sep 17 00:00:00 2001
From: Paul Gevers <elbrus@debian.org>
Date: Mon, 3 Jun 2019 22:06:13 +0200
Subject: [PATCH] issues.dbk: Go and static linking
Closes: #928026
---
en/issues.dbk | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/en/issues.dbk b/en/issues.dbk
index 481df49b..14993901 100644
--- a/en/issues.dbk
+++ b/en/issues.dbk
@@ -506,6 +506,22 @@ $ sudo update-initramfs -u
The same strategy will be applied for Thunderbird.
</para>
</section>
+
+ <section id="golang-static-linking">
+ <title>Go based packages</title>
+ <para>
+ The Debian infrastructure currently doesn't properly enable rebuilding
+ packages that statically link parts of other packages on a large
+ scale. Until buster that hasn't been a problem in practice, but with the
+ growth of the Go ecosystems it means that Go based packages won't be
+ covered by regular security support until the infrastructure is improved
+ to cope with these kind of packages in a maintainable manner.
+ </para>
+ <para>
+ If updates are warranted, they can only come via regular point releases
+ and thus may be deployed late.
+ </para>
+ </section>
</section>
<section id="package-specific-issues">
--
2.20.1
Attachment:
signature.asc
Description: OpenPGP digital signature