Control: tags -1 - moreinfo Control: tags -1 confirmed Hi Shengjing, On 06-06-2021 08:36, Shengjing Zhu wrote: > On Sun, Jun 6, 2021 at 11:46 AM Paul Gevers <elbrus@debian.org> wrote: >> On 05-06-2021 13:57, Shengjing Zhu wrote: >>> Please unblock package golang-1.15 Unblocked. >> You're well aware that golang builds statically so normally we're not >> done with just accepting one package. Do we now need to also rebuild >> everything that build depends on golang (I'd expect so)? > > Yes. That's why the compiler is uploaded in unstable, as rebuilding in > unstable is much easier before release. We didn't manage to rebuild > any package in buster for the compiler security update after release. So let's keep this bug open to keep track of this and only close it when all rebuilds have migrated. Please know that I expect the golang team to keep an eye on this too and warn us if anything is going wrong or takes longer than expected. Please refrain from uploading any of the reverse dependencies until their rebuild has migrated. > + one package won't migrate, which is kubernetes, but the > outdated-built-using rebuild script will not pick it up, as it doesn't > have built-using field. (This doesn't mean it doesn't need to be > rebuilt for the compiler security update, but no one cares about this > package). I know that last sentence to be untrue. Did you contact the maintainer to inform him? I'm putting him in CC to make him aware of the CVE's. Paul
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature