Bug#799019: jessie-pu: package golang/2:1.3.3-1+deb8u1
On 5 November 2015 at 06:23, Adam D. Barratt <adam@adam-barratt.org.uk> wrote:
> Do you have an estimate of how many packages that would be? I looked at
> the output of "dak rm -Rn -s stable golang" and made various sad faces.
That sad face is 100% warranted. :( I don't know the number off-hand,
but I imagine it's pretty large by now.
> (Also, do -dev packages that are architecture-dependent also need
> rebuilding? I wasn't clear from your description, but for instance:
>
> golang-websocket-dev | 0.0~git20140119-1 | stable | amd64, armel, armhf, i386
> golang-websocket-dev | 0.0~git20150811.0.b6ab76f-1 | testing | all
> golang-websocket-dev | 0.0~git20150811.0.b6ab76f-1 | unstable | all
> )
Right -- I meant -dev packages which are arch:all, since they're going
to just be full of .go files. Any that aren't _probably_ contain a
binary, and thus would need a rebuild (or a maintainer made a mistake
and it's really supposed to be an arch:all package, but I don't think
we've got many of those left).
>> To Salvatore's comment, I'd be happy to update to include the fix for
>> that too if RT is OK with it. :) (Meanwhile will work on getting a
>> fix for it into unstable.)
>
> It doesn't look like that happened yet? (Or the Security Tracker hasn't
> been updated.)
I think this is a case of the security tracker not being updated:
| golang (2:1.4.3-1) unstable; urgency=medium
|
| * New upstream version
(https://golang.org/doc/devel/release.html#go1.4.minor)
| - includes previous CVE and non-CVE security fixes, especially
| TEMP-0000000-1C4729
|
| -- Tianon Gravi <tianon@debian.org> Fri, 25 Sep 2015 00:02:31 -0700
(Upstream made a 1.4.3 release that is 1.4.2 + CVE and security fixes.)
♥,
- Tianon
4096R / B42F 6819 007F 00F8 8E36 4FD4 036A 9C25 BF35 7DD4
Reply to: