[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [pkg-golang-devel] [SECURITY] [DLA 1664-1] golang security update

Hi Tobias,

> $ grep-dctrl -FBuild-Depends golang-go -w -sPackage
> /var/lib/apt/lists/*Sources
> Please note that there are probably a lot of false positives in this
> list, because not every package uses crypto/elliptic.

Indeed. So how reliable would it be to look for "crypto/elliptic"
and skip those? I fear that might accidentally exclude packages due
to transitive imports / Build-Depends or similar?

Or: should I just save effort and upload the lot?

> Please note that I was not able to get build-rdeps to run in a
> jessie chroot

(Ah, not just me then; I needed to hack the "sid|unstable" bit in
the code but didn't want to yak-shave that at the time!)

Best wishes,

     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org 🍥 chris-lamb.co.uk

Reply to: