[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#990825: [pre-approval] unblock: golang-1.15/1.15.9-6

Control: tags -1 moreinfo

On 2021-07-08 23:46:31, Shengjing Zhu wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> X-Debbugs-Cc: zhsj@debian.org, team@security.debian.org
> 
> Please unblock package golang-1.15
> 
> [ Reason ]
> Just received a pre-announcement[1] by Go upstream:
> 
> > We plan to issue Go 1.16.6 and Go 1.15.14 on Monday, July 12.
> > These are minor releases that include security fixes to the standard library.
> 
> [1] https://groups.google.com/g/golang-announce/c/JvWG9FUUYT0/m/VK1iHZosAgAJ
> 
> Go upstream defines there levels for security issue, PUBLIC, PRIVATE, and URGENT.
> This is level PRIVATE.
> 
> [ Impact ]
> 
> [ Tests ]
> 
> [ Risks ]
> 
> It's security fix to standard library. So it needs binNMU for all Go packages.

That's about 1.7k source packages. It would help if you can reduce the
set of affected packages to not waste time chasing binNMUs for packages
that don't need them.

Cheers

> As it's near hard freeze, I'd like to ask whether to fix it before release or after.
> I don't have preference FWIW.
> CCed security team as well.
> 
> [ Checklist ]
>   [ ] all changes are documented in the d/changelog
>   [ ] I reviewed all changes and I approve them
>   [ ] attach debdiff against the package in testing
> 
> [ Other info ]
> 
> That's just pre-announcement by Go upstream. So I really don't have diff yet.
> 
> unblock golang-1.15/1.15.9-6
> 

-- 
Sebastian Ramacher
Reply to: