Maytham Alsudany <maytha8thedev@gmail.com> writes: > Hi Go team, > > I require a sponsor to review and upload the following packages for me. > > New packages: > - golang-github-pjbgf-sha1cd > - golang-github-skeema-knownhosts I reviewed these, and have uploaded them. Builds fine: https://salsa.debian.org/jas/golang-github-pjbgf-sha1cd/-/pipelines/658031 https://salsa.debian.org/jas/golang-github-skeema-knownhosts/-/pipelines/658035 I wonder if the sha1cd test data is copyrighted and licensed as per upstream's claims, but I have no fact to speak against the claim either so I will merely make this comment about it. I only took a look at the first package below, but the added dependencies made it too complicated for me to build right now. Maybe more later... /Simon > Updated packages: > - golang-github-go-git-go-git [RC] > - Fixes: CVE-2023-49568, CVE-2023-49569, Closes: #1060701 > - golang-github-go-git-go-git-fixtures > - golang-github-go-git-go-billy > > Kind regards, > Maytham >
Attachment:
signature.asc
Description: PGP signature