Re: Limited security support for Go/Rust? Re ssh3

2024-01-16 Thread Simon Josefsson
Paul Wise writes: > On Mon, 2024-01-15 at 10:17 +0100, Bastian Blank wrote: > >> I asked for practical solutions, not theoretical ones.  We don't have a >> suitable way to rebuild all packages just because right now. > > There are some ideas on the static linking wiki page: > > https://wiki.debia

Re: Limited security support for Go/Rust? Re ssh3

2024-01-16 Thread Jérémy Lal
On Tue, 16 Jan 2024 at 11:00, Simon Josefsson wrote: > Paul Wise writes: > > > On Mon, 2024-01-15 at 10:17 +0100, Bastian Blank wrote: > > > >> I asked for practical solutions, not theoretical ones. We don't have a > >> suitable way to rebuild all packages just because right now. > > > > Th

Re: Limited security support for Go/Rust? Re ssh3

2024-01-16 Thread Simon Josefsson
Tue 2024-01-16 at 11:22 +0100, Jérémy Lal wrote: > > > On Tue, 16 Jan 2024 at 11:00, Simon Josefsson > wrote: > > Paul Wise writes: > > > > > On Mon, 2024-01-15 at 10:17 +0100, Bastian Blank wrote: > > > > > > > I asked for practical solutions, not theoretical ones.  We > > > > don't

Re: Policy: should libraries depend on services (daemons) that they can speak to?

2024-01-16 Thread Simon Richter
Hi, On 1/16/24 03:55, Simon McVittie wrote: I would personally like to see *more* privilege separation across IPC boundaries rather than less, if that can reduce the total attack surface of the setuid/setcap executables in the trusted computing base. Yes, however there is a downside to buildi

Re: Limited security support for Go/Rust? Re ssh3

2024-01-16 Thread Bastian Blank
On Tue, Jan 16, 2024 at 11:22:48AM +0100, Jérémy Lal wrote: > I naively believed that golang-* packages expressed those dependencies with > "Built-Using". As Built-Using is for license compliance only, no? See https://www.debian.org/doc/debian-policy/ch-relationships.html#additional-source-packag

Re: Limited security support for Go/Rust? Re ssh3

2024-01-16 Thread Bastian Blank
On Tue, Jan 16, 2024 at 10:59:30AM +0100, Simon Josefsson wrote: > Rebuilding a bit more than what is strictly needed sounds fine as a > first solution to me. Building maybe. But how do you want to publish them? The security archive is not made to handle that. > My naive approach on how to fix

Re: privilege separation by IPC vs. privilege separation by setuid

2024-01-16 Thread Simon McVittie
On Tue, 16 Jan 2024 at 20:13:21 +0900, Simon Richter wrote: > On 1/16/24 03:55, Simon McVittie wrote: > > I would personally like to see *more* privilege separation across IPC > > boundaries rather than less, if that can reduce the total attack surface > > of the setuid/setcap executables in the tr

Re: Limited security support for Go/Rust? Re ssh3

2024-01-16 Thread Jérémy Lal
On Tue, 16 Jan 2024 at 13:09, Bastian Blank wrote: > On Tue, Jan 16, 2024 at 11:22:48AM +0100, Jérémy Lal wrote: > > I naively believed that golang-* packages expressed those dependencies > with > > "Built-Using". > > As Built-Using is for license compliance only, no? > > See > > https://www.

Re: Limited security support for Go/Rust? Re ssh3

2024-01-16 Thread Debian GNU|Linux
On 1/16/24 13:56, Jérémy Lal wrote: As Built-Using is for license compliance only, no? See https://www.debian.org/doc/debian-policy/ch-relationships.html#additional-source-packages-used-to-build-the-binary-built-using Indeed, thanks for the link. it seems that many people think that "Buil

Re: Limited security support for Go/Rust? Re ssh3

2024-01-16 Thread James McCoy
On Tue, Jan 16, 2024 at 04:44:14PM +0100, IOhannes m zmölnig (Debian GNU|Linux) wrote: > On 1/16/24 13:56, Jérémy Lal wrote: > > > > > > As Built-Using is for license compliance only, no? > > > > > > See > > > > > > https://www.debian.org/doc/debian-policy/ch-relationships.html#additional-sourc

Re: Limited security support for Go/Rust? Re ssh3

2024-01-16 Thread Simon Josefsson
"IOhannes m zmölnig (Debian GNU|Linux)" writes: > On 1/16/24 13:56, Jérémy Lal wrote: >>> >>> As Built-Using is for license compliance only, no? >>> >>> See >>> >>> https://www.debian.org/doc/debian-policy/ch-relationships.html#additional-source-packages-used-to-build-the-binary-built-using >> In

Re: Limited security support for Go/Rust? Re ssh3

2024-01-16 Thread Debian GNU|Linux
On 1/16/24 17:20, Simon Josefsson wrote: it seems that many people think that "Built-Using" can be used to express static linking (including yours truly, even though i *know* that it is meant for license compliance only). which makes me wonder: probably we should have an additional field that e

Re: Limited security support for Go/Rust? Re ssh3

2024-01-16 Thread Simon Josefsson
Bastian Blank writes: > On Tue, Jan 16, 2024 at 10:59:30AM +0100, Simon Josefsson wrote: >> Rebuilding a bit more than what is strictly needed sounds fine as a >> first solution to me. > > Building maybe. But how do you want to publish them? The security > archive is not made to handle that. W

Re: Limited security support for Go/Rust? Re ssh3

2024-01-16 Thread Sam Hartman
> "Simon" == Simon Josefsson writes: Simon> Right, these are slightly different technical problems, but Simon> as far as the brief discussion in the release notes -- Simon> https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#golang-static-linking

Re: Limited security support for Go/Rust? Re ssh3

2024-01-16 Thread Santiago Ruano Rincón
On 16/01/24 at 17:43, Simon Josefsson wrote: > Bastian Blank writes: > > > On Tue, Jan 16, 2024 at 10:59:30AM +0100, Simon Josefsson wrote: > >> Rebuilding a bit more than what is strictly needed sounds fine as a > >> first solution to me. > > > > Building maybe. But how do you want to pub

Bug#1061050: ITP: golang-github-common-nighthawk-go-figure -- Prints ASCII art from text

2024-01-16 Thread Simon Josefsson
Package: wnpp Severity: wishlist Owner: Simon Josefsson * Package name: golang-github-common-nighthawk-go-figure Version : 0.0~git20210622.734e95f-1 Upstream Author : Daniel Deutsch * URL : https://github.com/common-nighthawk/go-figure * License : Expat Progr