Bug#928026: release-notes: document the state of security support for golang packages in Buster

To: 928026@bugs.debian.org
Cc: Paul Gevers <elbrus@debian.org>
Subject: Bug#928026: release-notes: document the state of security support for golang packages in Buster
From: Justin B Rye <justin.byam.rye@gmail.com>
Date: Tue, 4 Jun 2019 16:50:34 +0100
Message-id: <[🔎] 20190604155034.iqeof7cvtvrqwwzh@jbr.me.uk>
Reply-to: Justin B Rye <justin.byam.rye@gmail.com>, 928026@bugs.debian.org
In-reply-to: <[🔎] c2a0529e-5f26-b6b7-aa4b-030a2c9fa86e@debian.org>
References: <f1a737f3-b0d9-1111-f42e-bb10196b63f6@debian.org> <20190420210734.GA22183@pisco.westfalen.local> <20190426102958.c3h22jetcdn2s4ov@layer-acht.org> <20190426102958.c3h22jetcdn2s4ov@layer-acht.org> <20190426102958.c3h22jetcdn2s4ov@layer-acht.org> <[🔎] c2a0529e-5f26-b6b7-aa4b-030a2c9fa86e@debian.org> <20190426102958.c3h22jetcdn2s4ov@layer-acht.org>

Paul Gevers wrote:
> +  <section id="golang-static-linking">
> +    <title>Go based packages</title>
> +    <para>
> +      The Debian infrastructure currently doesn't properly enable rebuilding
> +      packages that statically link parts of other packages on a large
> +      scale. Until buster that hasn't been a problem in practice, but with the

(I'm adding a stretch-to-buster tag, since if this is still true for
buster-to-bullseye then it'll at least need a change from "hasn't
been" to "wasn't".)

> +      growth of the Go ecosystems it means that Go based packages won't be

That should probably be "ecosystem", singular.

> +      covered by regular security support until the infrastructure is improved
> +      to cope with these kind of packages in a maintainable manner.

"These kind of" is normal in spoken English, but formal written
English prefers either "this kind of package" or "these kinds of
packages".  Or maybe we just want:

         to deal with them maintainably.

> +    </para>
> +    <para>
> +      If updates are warranted, they can only come via regular point releases
> +      and thus may be deployed late.

To avoid implying "too late" we might phrase this as:

         If updates are warranted, they can only come via regular point releases,
         which may be slow in arriving.

-- 
JBR	with qualifications in linguistics, experience as a Debian
	sysadmin, and probably no clue about this particular package

diff --git a/en/issues.dbk b/en/issues.dbk
index af7ca5c2..6ead1ec6 100644
--- a/en/issues.dbk
+++ b/en/issues.dbk
@@ -508,18 +508,19 @@ $ sudo update-initramfs -u
   </section>
 
   <section id="golang-static-linking">
+    <!-- stretch to buster -->
     <title>Go based packages</title>
     <para>
       The Debian infrastructure currently doesn't properly enable rebuilding
       packages that statically link parts of other packages on a large
       scale. Until buster that hasn't been a problem in practice, but with the
-      growth of the Go ecosystems it means that Go based packages won't be
+      growth of the Go ecosystem it means that Go based packages won't be
       covered by regular security support until the infrastructure is improved
-      to cope with these kind of packages in a maintainable manner.
+      to deal with them maintainably.
     </para>
     <para>
-      If updates are warranted, they can only come via regular point releases
-      and thus may be deployed late.
+      If updates are warranted, they can only come via regular point releases,
+      which may be slow in arriving.
     </para>
   </section>
 </section>

Reply to:

References:
- Bug#928026: release-notes: document the state of security support for golang packages in Buster
  - From: Paul Gevers <elbrus@debian.org>

Prev by Date: Re: Bug#928956: Document removal of ecryptfs-utils from Buster
Next by Date: Bug#928026: marked as done (release-notes: document the state of security support for golang packages in Buster)
Previous by thread: Processed: Re: release-notes: document the state of security support for golang packages in Buster
Next by thread: Processed: patch pushed
Index(es):
- Date
- Thread