Dear golang maintainers and security team,
this came up on the LTS mailing list...
On Wed, Feb 06, 2019 at 11:42:12PM +0100, Chris Lamb wrote:
> > all golang Debian packages are (as elsewhere) statically compiled
> > and linked so we'd need to rebuild all the rdeps
> Hm. Can we avoid /all/ the rdeps? I mean, grep the rdeps for ones
> that use this library?
how was this handled for DSA-4379 and 4380?
--
tschau,
Holger
-------------------------------------------------------------------------------
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
Attachment:
signature.asc
Description: PGP signature