Hi Salvatore,

CC to Sascha and the Debian Go Packaging team, and tagging the issue
moreinfo for having input from Sascha and the Debian Go packaging
team.

golang-gopkg-pg.v5 has not seen updates since 2021 (with a no-change
NMU) from Holger, and only uploads back in 2018.

I see.

As the package has (at least one security) issue open, should
golang-gopkg-pg.v5 (and so as well srcfever) be removed from unstable
(and forky)?

Since I'd be sad to see fever go, I would be happy to package a more recent version of go-pg (e.g. 10.15.0 which should not be affected by the CVE open as a bug on the current package [1]) and ensure that fever can build with that, also updating the dependency there. We should then be fine to remove v5 from unstable and forky once the new version of go-pg has passed NEW.

Would that be OK with you?

Thanks and best regards
Sascha

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111939
