Security updates for software written in Go

To: debian-security@lists.debian.org
Subject: Security updates for software written in Go
From: Laurențiu Păncescu <lpancescu@gmail.com>
Date: Fri, 13 Nov 2020 13:09:44 +0100
Message-id: <[🔎] f719c99d-56d2-ce5e-9489-e997b8b20827@gmail.com>

Hello,

the Debian Buster release notes state that no security updates arepossible for software written in Go due to its static linking - Debianlacks the infrastructure to mass-rebuild all affected Go packages. Didthis change in the mean time? If not, is there ongoing work to change this?

The same release notes state that just Firefox and Chromium can besupported with security updates, but Chromium is several major versionsbehind in Buster, it appears as vulnerable to lots of CVEs and the lastDSA for chromium was at the beginning of July.


Best regards,
Laurentiu

[1]https://www.debian.org/releases/stable/amd64/release-notes/ch-information.en.html#limited-security-support

[2] https://security-tracker.debian.org/tracker/source-package/chromium

Reply to:

Prev by Date: Re: fun with mailinglists (was Re: Is chromium updated?)
Next by Date: Re: fun with mailinglists (was Re: Is chromium updated?)
Previous by thread: Re: /home/loser is with permissions 755, default umask 0022
Next by thread: madness
Index(es):
- Date
- Thread