Hi everybody, On Sat, 1 Jun 2019, Paul Gevers wrote:
On that topic, I'd like to take this opportunity to say that soon after the release of buster we will most likely remove Go and it's reverse dependencies from testing and prevent them from entering again until the infrastructure issues are solved.
I wonder why there is a difference between nodejs and Go packages. Security issues within nodejs packages are mostly ignored, however they are not hindered to enter testing.
PS: I am still seeing new upstream version uploads to unstable. I would have expected that it is clear by now that probably isn't smart. At the very least, it doesn't send a good message.
While looking at the golang-* uploads in May, I only found one upload of a new version to unstable after the mentioned list has been created. Given that the upload a few days earlier went to experimental, I would say that this was just an error.
Thorsten