[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#928026: security support for golang packages in Buster


On Fri, May 10, 2019 at 10:44:13AM +0800, Shengjing Zhu wrote:
> Hi the security team,
> On Thu, May 9, 2019 at 1:53 AM Moritz Muehlenhoff <jmm@inutil.org> wrote:
> [...]
> >
> > There's the additional issue that ftp-master and security-master don't
> > share tarballs; binNMUs are only possible for packages which are on
> > security-master, so we'd need to do manual source uploads for every
> > affected go package.
> >
> I probably lack of some historical background, have you ever think of
> merging ftp-master and security-master?

The security team does not manage dak on security-master, this is
actually ftp-masters domain. The separation has as disadantages and
advantages, one which comes to my mind idepenently on the aspect of
the one beeing security-master is to have a fallback updateing channel
in case one or the other cannot be used.

But okay that's not the point.

There is #823820 for one Built-Using aspect, but the idea might be
possible to generalize to have on every time orig tarballs from
main archive available on security-master as well.


Reply to: