On Sun, Jan 14, 2024 at 10:47:18AM +0100, Simon Josefsson wrote: > Stephan Verbücheln <verbuech...@posteo.de> writes: > > > On Sat, 30 Dec 2023 12:47:48 +0000 Colin Watson <cjwat...@debian.org> > > wrote: > >> I also feel that something security-critical like this that's > >> labelled by upstream as "still experimental" probably shouldn't > >> be in a Debian release. > > > > It is written in Go. The problem of Go library support in Debian should > > also be considered for a security-critical tool like this. > > > > https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#golang-static-linking > > Interesting -- what is the current thinking about this problem? > > The more I think about it, I think it seems unfair to categorize this as > a Go/Rust problem.
+1. Container packages such as docker and podman are also golang packages and also security critical. > ... > My suggestion is that we relax or remove the Go/Rust statement in future > release notes. Or we could as well look at improving the infrastructure to deal with them. Best, Nilesh
signature.asc
Description: PGP signature
