Re: [pkg-go] [pkg-golang-devel] Security support for packages written in Go

2016-07-11 Thread Peter Colberg
On Mon, Jul 11, 2016 at 11:02:59PM +1200, Michael Hudson-Doyle wrote: > A Built-Using field must list the corresponding source package for any > such binary package incorporated during the build..." > > Lots of -dev packages _do_ have Built-Using though, we should try to > kill them off... Could

Re: [pkg-go] [pkg-golang-devel] Security support for packages written in Go

2016-07-11 Thread Dmitry Smirnov
On Monday, 11 July 2016 9:22:12 AM AEST Florian Weimer wrote: > Hmm. I poked at a few packages, and here is what I found: > golang-siphash-dev does not have any Built-Using header. > golang-gopkg-tylerb-graceful.v1-dev does not list golang-x-text, > although its dependency golang-golang-x-net-dev

Re: [pkg-go] [pkg-golang-devel] Security support for packages written in Go

2016-07-11 Thread Florian Weimer
* Michael Hudson-Doyle: > On 10 July 2016 at 07:39, Florian Weimer wrote: >> * Dmitry Smirnov: >> >>> On Friday, 8 July 2016 8:53:20 AM AEST Florian Weimer wrote: Part of the problem is that we currently lack a decent way to list all these reverse dependencies. >>>

Re: [pkg-go] [pkg-golang-devel] Security support for packages written in Go

2016-07-10 Thread Michael Hudson-Doyle
On 10 July 2016 at 07:39, Florian Weimer wrote: > * Dmitry Smirnov: > >> On Friday, 8 July 2016 8:53:20 AM AEST Florian Weimer wrote: >>> Part of the problem is that we currently lack a decent way to list all >>> these reverse dependencies. >> >> We can get list of all source

Re: [pkg-go] [pkg-golang-devel] Security support for packages written in Go

2016-04-14 Thread Michael Hudson-Doyle
On 14 April 2016 at 19:16, Michael Stapelberg wrote: > Thanks for the patch, it’s now merged and uploaded. Awesome, thanks for that. > I’d prefer if you could send such patches in a bug report instead of to > mailing lists which I don’t actively read :). Noted! > In

Re: [pkg-go] [pkg-golang-devel] Security support for packages written in Go

2016-04-14 Thread Michael Stapelberg
Thanks for the patch, it’s now merged and uploaded. I’d prefer if you could send such patches in a bug report instead of to mailing lists which I don’t actively read :). In fact, I’d say it’s long overdue to make this package team-maintained. The repository is already in collab-maint, so if you

Re: [pkg-go] [pkg-golang-devel] Security support for packages written in Go

2016-04-13 Thread Michael Hudson-Doyle
On 13 April 2016 at 21:05, Michael Hudson-Doyle wrote: > On 13 April 2016 at 17:07, Tianon Gravi wrote: >> On 12 April 2016 at 21:39, Michael Hudson-Doyle >> wrote: >>> We could do it without 1) and the consequent

Re: [pkg-go] [pkg-golang-devel] Security support for packages written in Go

2016-04-13 Thread Michael Hudson-Doyle
On 13 April 2016 at 17:07, Tianon Gravi wrote: > On 12 April 2016 at 21:39, Michael Hudson-Doyle > wrote: >> We could do it without 1) and the consequent re-uploading of every go >> library by using dpkg-query --search a lot, which would be slow

Re: [pkg-go] [pkg-golang-devel] Security support for packages written in Go

2016-04-06 Thread Paul Tagliamonte
I don't think B-U is the appropriate place for this. This means if we didn't change anything in dh-golang, we'd need to binNMU the package before we can decruft the sources that have a newer versions, dak side. With an ftp hat on, I think that's not right. Having the entire build closure in it