Re: [SECURITY] [DLA 1664-1] golang security update
On 2019-02-06 23:42:12, Chris Lamb wrote:
> Hi Antoine,
>> all golang Debian packages are (as elsewhere) statically compiled
>> and linked so we'd need to rebuild all the rdeps
> Hm. Can we avoid /all/ the rdeps? I mean, grep the rdeps for ones
> that use this library?
Yeah, that's what I was implying, sorry if that was unclear... I'm not
actually sure how that works. I assume it's a bunch of binNMUs, but we
first need to figure out which packages actually use that specific lib.
Maintaining golang security update is really tricky.. :/ I wish we could
just dynamically link everything in Debian, but I'm afraid that's heresy
(even if technically possible, apparently) in Golang circles...
The greatest crimes in the world are not committed by people breaking
the rules but by people following the rules. It's people who follow
orders that drop bombs and massacre villages.