Control: tags -1 moreinfo On 2021-07-08 23:46:31, Shengjing Zhu wrote: > Package: release.debian.org > Severity: normal > User: release.debian....@packages.debian.org > Usertags: unblock > X-Debbugs-Cc: z...@debian.org, t...@security.debian.org > > Please unblock package golang-1.15 > > [ Reason ] > Just received a pre-announcement[1] by Go upstream: > > > We plan to issue Go 1.16.6 and Go 1.15.14 on Monday, July 12. > > These are minor releases that include security fixes to the standard > > library. > > [1] https://groups.google.com/g/golang-announce/c/JvWG9FUUYT0/m/VK1iHZosAgAJ > > Go upstream defines there levels for security issue, PUBLIC, PRIVATE, and > URGENT. > This is level PRIVATE. > > [ Impact ] > > [ Tests ] > > [ Risks ] > > It's security fix to standard library. So it needs binNMU for all Go packages.
That's about 1.7k source packages. It would help if you can reduce the set of affected packages to not waste time chasing binNMUs for packages that don't need them. Cheers > As it's near hard freeze, I'd like to ask whether to fix it before release or > after. > I don't have preference FWIW. > CCed security team as well. > > [ Checklist ] > [ ] all changes are documented in the d/changelog > [ ] I reviewed all changes and I approve them > [ ] attach debdiff against the package in testing > > [ Other info ] > > That's just pre-announcement by Go upstream. So I really don't have diff yet. > > unblock golang-1.15/1.15.9-6 > -- Sebastian Ramacher
