Re: golang-go.crypto / CVE-2019-11841
- To: Debian LTS <debian-lts@lists.debian.org>
- Subject: Re: golang-go.crypto / CVE-2019-11841
- From: Paul Wise <pabs@debian.org>
- Date: Tue, 10 Nov 2020 07:39:14 +0000
- Message-id: <[🔎] CAKTje6HWs8ccSh2Guv9UY_GgsMvO37c=+1SfXZakk9D_47O8uA@mail.gmail.com>
- In-reply-to: <[🔎] 878sbaf9ee.fsf@canidae.wired.pri>
- References: <87k0xes8kr.fsf@canidae.wired.pri> <CABY6=0nbk71vcgXX3yHeKmm1kYZi=+PduFCbiyNCDx8WXDwEQA@mail.gmail.com> <871rjbq50z.fsf@canidae.wired.pri> <CABY6=0mSxsXpjhz-X+=p2wSSeXFuffVf=7X3AQ0GEyy1YRF9-A@mail.gmail.com> <87k0x2edaf.fsf@canidae.wired.pri> <CABY6=0=xDdOo1RH9iJiG=xS0T=GaQ48k+w-RSoLPSbTDcZxCUA@mail.gmail.com> <871rj6m8jr.fsf@canidae.wired.pri> <CABY6=0ku8-9tztUoYS_nU=jX_aUP_VVhyGyZefS+a3jh=tv--A@mail.gmail.com> <87a6x1ism5.fsf@canidae.wired.pri> <CAPP0f95wioPcjGJcdr5-asTvnF2Wfq-JC+fhL=7ORiKnr1P97A@mail.gmail.com> <877ds5ir5a.fsf@canidae.wired.pri> <CAPP0f95oKvN+F2mZrscoGx-Ji+=PUcGopL+HusTd47gp6oakQQ@mail.gmail.com> <87y2kjghen.fsf@canidae.wired.pri> <0f05e2e5-a26d-179f-18d4-c4abdddc5fec@debian.org> <87k0w15edd.fsf@silverfish.pri> <3722204c-542e-7be2-f4a5-49c1cfbcc472@debian.org> <87h7r55dd9.fsf@silverfish.pri> <3388c95b-f3dc-f63c-a927-453c3380c088@debian.org> <87lfgggxw5.fsf@canidae.wired.pri> <[🔎] 87k0v0g3y6.fsf@canidae.wired.pri> <[🔎] 87blg7fpjk.fsf@canidae.wired.pri> <[🔎] 878sbaf9ee.fsf@canidae.wired.pri>
On Mon, Nov 9, 2020 at 10:33 PM Brian May wrote:
> What is this "Built-Using" header?
It documents which source package versions need to be shipped to
ensure license compliance.
https://www.debian.org/doc/debian-policy/ch-relationships.html#additional-source-packages-used-to-build-the-binary-built-using
Please note that golang folks were/are using it in a more general way
than the use it was intended for.
--
bye,
pabs
https://wiki.debian.org/PaulWise
Reply to: