Hi Andrew,

On 07/04/2026 14:46, Andrew Lee wrote:
Hello team,

I am fixing CVE-2026-33186 in golang-google-grpc by updating it to the
fixed upstream new version.

However, the package builds but I noticed some old code under
`debian/missing-sources/`.

To avoid any protencial issues, I would like to ensure these are up to
date as well.
But I foud no document for how to update files under
`debian/missing-sources/`, anyone who may give me any example or
hints?

As a reminder, I did update some of them in https://salsa.debian.org/go-team/packages/golang-google-grpc/-/merge_requests/4

What I did was downloading the .zip from Github and then copying the needed files to missing-source. I agree that this is not ideal and that it would be good to at least document this in debian/README.sources, and if possible, make a simple script to update them (also documented in README.sources.

--
Nicolas Peugnet

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

Reply via email to