Re: [pkg-golang-devel] [SECURITY] [DLA 1664-1] golang security update

2019-02-12 Thread Chris Lamb
Hi Emilio,

> Also, can't we reduce this list further? Are all those packages using the
> crypto module?

I can remove:

* kxd
* golang-bindata
* golang-gogoprotobuf
* golang-goprotobuf
* ngrok
* obfs4proxy
* pt-websocket
* slt

I've gone ahead and uploaded the rest.

Regards,
--

Re: [pkg-golang-devel] [SECURITY] [DLA 1664-1] golang security update

2019-02-11 Thread Michael Hudson-Doyle
On Mon, 11 Feb 2019 at 21:28, Emilio Pozuelo Monfort wrote:
> On 11/02/2019 09:24, Chris Lamb wrote:
> > Hi Tobias,
> >
> >> The remaining packages on the list maybe need a rebuild for jessie:
> >>
> >> aptly
> >> direnv
> >> golang-bindata
> >> golang-gogoprotobuf
> >> golang-goprotobuf
> >>

Re: [pkg-golang-devel] [SECURITY] [DLA 1664-1] golang security update

2019-02-11 Thread Emilio Pozuelo Monfort
On 11/02/2019 09:24, Chris Lamb wrote:
> Hi Tobias,
>
>> The remaining packages on the list maybe need a rebuild for jessie:
>>
>> aptly
>> direnv
>> golang-bindata
>> golang-gogoprotobuf
>> golang-goprotobuf
>> heartbleeder
>> kxd
>> ngrok
>> obfs4proxy
>> pt-websocket
>> slt
>
> Great stuff —

Re: [pkg-golang-devel] [SECURITY] [DLA 1664-1] golang security update

2019-02-11 Thread Chris Lamb
Hi Tobias,

> The remaining packages on the list maybe need a rebuild for jessie:
>
> aptly
> direnv
> golang-bindata
> golang-gogoprotobuf
> golang-goprotobuf
> heartbleeder
> kxd
> ngrok
> obfs4proxy
> pt-websocket
> slt

Great stuff — thanks for this. LTS team, just as a sanity check;

Re: [pkg-golang-devel] [SECURITY] [DLA 1664-1] golang security update

2019-02-08 Thread Dr. Tobias Quathamer
On 08.02.2019 at 20:46, Dr. Tobias Quathamer wrote:
> With that in mind, the list gets much shorter. Is there an easy way to
> find out if a source package produces only the -dev binary package? One
> hint at finding the right packages would be that the -dev packages are
> arch:all, while other

Re: [pkg-golang-devel] [SECURITY] [DLA 1664-1] golang security update

2019-02-08 Thread Dr. Tobias Quathamer
On 08.02.2019 at 17:31, Chris Lamb wrote:
> Hi Tobias,
>
>> $ grep-dctrl -FBuild-Depends golang-go -w -sPackage
>> /var/lib/apt/lists/*Sources
> [..]
>>
>> Please note that there are probably a lot of false positives in this
>> list, because not every package uses crypto/elliptic.
>
> Indeed.

Re: [pkg-golang-devel] [SECURITY] [DLA 1664-1] golang security update

2019-02-08 Thread Chris Lamb
Hi Tobias,

> $ grep-dctrl -FBuild-Depends golang-go -w -sPackage
> /var/lib/apt/lists/*Sources
[..]
>
> Please note that there are probably a lot of false positives in this
> list, because not every package uses crypto/elliptic.

Indeed. So how reliable would it be to look for "crypto/elliptic"

Re: [pkg-golang-devel] [SECURITY] [DLA 1664-1] golang security update

2019-02-08 Thread Dr. Tobias Quathamer
On 08.02.2019 at 16:20, Chris Lamb wrote:
> Hi all,
>
>>> There is no sensible way to schedule binnmu's via security. So far none
>>> appeared AFAIK.
> […]
>> thanks for the quick feedback still!
>
> Indeed thanks for the feedback. Looking into this quickly from a
> jessie chroot:
>
> $