Stuart Prescott <stuart@debian.org> writes: > Hi Andreas > > On 10/09/2025 21:29, Andreas Tille wrote: >> I checked the situation of some Go packages that do not seem to be >> maintained on >> Salsa. Astonishingly I found two different versions of at least one >> package in sid: > > They are actually both in Sources: > > Package: golang-github-docker-libtrust > Version: 0.0~git20150526.0.9cbd2a1-3.1 > Extra-Source-Only: yes > > Package: golang-github-docker-libtrust > Version: 0.0~git20160708.aabc10e-1 > > The Extra-Source-Only header is there to indicate that the particular > version is kept around for the purposes of licence compliance > e.g. where is the source when an output was statically linked; it's a > mirror of one of the Built-Using fields. How do we find out which binary package triggers keeping golang-github-docker-libtrust version 0.0~git20150526.0.9cbd2a1-3.1 around? Should we search Built-Using headers of binary packages? Or Static-Built-Using? Or both? Or some other header? /Simon
Attachment:
signature.asc
Description: PGP signature