[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: golang-go.crypto / CVE-2019-11841

On Fri, Oct 09, 2020 at 12:17:26PM +0200, Emilio Pozuelo Monfort wrote:
> On 09/10/2020 00:23, Brian May wrote:
> > We probably need someway of keeping track of what packages have already
> > been looked at and their status with respect to this rebuild. Not really
> > convinced data/dla-needed.txt is up to this task.
> 
> I would look for an automated way to do this. E.g. by downloading and
> inspecting the binaries to see if they have the affected code.
> 
> I think Adrian handled a go update and its rdeps in the past. Adding him to
> Cc in case he has any ideas.
>...

I went manually through the rdeps, and claimed only Go packages with
few redps needing rebuilding.

So sorry, no easy ideas from me.

> Cheers,
> Emilio

cu
Adrian
Reply to: