On 08/10/2020 10:30, Brian May wrote:
Emilio Pozuelo Monfort <pochu@debian.org> writes:Note that many of those are golang modules which only ship go code on the -dev package, and thus don't need a rebuild. OTOH, compiled binaries may need a rebuild if they use the affected code (directly or indirectly).How do I tell which ones need rebuilding? Maybe just the ones without the 'golang-` prefix?
That go be a simplification. However there's a chance one of those golang- packages also has a bin package with a real binary, and then that may need to be rebuilt as well.
Also, not all packages with compiled binaries necessarily need a rebuild. E.g. they may not use the affected code at all, just other parts of golang-go.crypto.
How do I rebuild? Do I need to upload a new version?
Unless they already are in stretch-security, then yes, sourceful uploads will be needed.
Cheers, Emilio