
Re: Revert some Go packages in unstable to align with testing/buster



Hi Martín,

On 05-06-2019 14:34, Martín Ferrari wrote:
> Now, still to this day it is also not clear to me what we can do to
> address this problem, could you elaborate?

One problem is that the security archive doesn't have the sources
available from stable to do binNMUs.

One other problem is that tools are lacking to schedule binNMUs on the
right packages in an efficient manner and in the right order.

People hinted there are more issues and that getting them on the table,
properly described, will take some time. I am not aware of what those
issues are. This is the biggest issue at this moment.

> I have to say, it feels a bit weird that golang is singled out from
> other statically compiled languages that present similar challenges.

As mentioned before, those other languages haven't been a problem in
real life so far, i.e. apparently there aren't so many CVEs reported for
those reverse dependencies and hence no problem for the security team. I
take their word for that as I haven't investigated myself.

Paul
