Hi everybody,

I would like to improve the situation of security support for Golang
packages (as already criticised a long time ago [1]).

Uploads to Unstable should be no problem, but how would you like to handle
stable/oldstable updates for CVEs that are marked as no-dsa from the
security team?

For example the fix of CVE-2021-42836 in golang-github-tidwall-gjson for
Bullseye requires eight uploads of reverse dependencies. Do you want to
handle each of them with different PU-bugs?

Thorsten

[1] https://lists.debian.org/debian-release/2018/06/msg00725.html