[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DLA 1664-1] golang security update

Hi all,

> > There is no sensible way to schedule binnmu's via security. So far none
> > appeared AFAIK.
> thanks for the quick feedback still!

Indeed thanks for the feedback. Looking into this quickly from a
jessie chroot:

    $ build-rdeps golang

    Reverse Build-depends in main:

Assuming that is right (it seems a curiously small number to me...)
I then believe we may only need sourceful uploads of:

 * aptly
 * heartbleeder
... as golang-gocapability-dev does not import "crypto/elliptic".
However, it could be using it transitively so it might be worth
uploading just in case.

Sound sensible?

Best wishes,

     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org 🍥 chris-lamb.co.uk

Reply to: