Greetings Security Team and Go Team members, (Note that I am not subscribed to the debian-go mailing list and I appreciated to be kept in the CC of replies.)
Last month I updated golang-yaml.v2 in buster LTS (DLA-3479-1). This was work that I took over from another LTS contributor, and since I am not familiar with updates of Go packages, it seems that I may have overlooked the need to rebuild rdeps. A member of the LTS team has prepared a page regarding updates of Go packages [0], which I only found out about out quite recently. However, in speaking with Sylvain (the author of the page) he noted that the page has not been reviewed by members of the Go Team or the Security Team. So, he recommended that I seek specific guidance in this case. I prepared the update of golang-yaml.v2 and uploaded it. When I found out about the page I mentioned, I executed the command below (in a buster chroot): dose-ceve --deb-native-arch=amd64 -r golang-yaml.v2 -T debsrc debsrc:///var/lib/apt/lists/deb.debian.org_debian_dists_buster_main_source_Sources deb:///var/lib/apt/lists/deb.debian.org_debian_dists_buster_main_binary-amd64_Packages | grep-dctrl -n -s Package '' | sort -u The resulting list of packages (attached) showed that there were 101 rdeps. I would like to request some guidance about how to handle the situation. I am aware that Go based packages have limited support, as per [1]. Thus, I am wondering what, even with limited support, would be reasonable for us to do. Do all 101 of the rdeps need to be rebuilt in order for the update I prepared to be considered complete? Is there something subset that can/should/must be rebuilt? Is there anything else that I need to do in relation to this? Regards, -Roberto [0] https://lts-team.pages.debian.net/wiki/TestSuites/golang.html [1] https://www.debian.org/releases/{buster,bullseye,bookworm}/amd64/release-notes/ch-information.en.html#golang-static-linking -- Roberto C. Sánchez
acmetool balboa burrow consul consulfs continuity debos dnscrypt-proxy dnss docker-libkv docker-registry docker.io etcd fever g10k git-lfs gitlab-workhorse go-exploitdb goiardi golang-github-aanand-compose-file golang-github-aelsabbahy-gonetstat golang-github-appc-cni golang-github-appc-docker2aci golang-github-armon-go-metrics golang-github-blevesearch-bleve golang-github-canonicalltd-raft-membership golang-github-canonicalltd-raft-test golang-github-cloudflare-cfssl golang-github-cloudflare-redoctober golang-github-containerd-cgroups golang-github-coreos-go-systemd golang-github-coreos-pkg golang-github-couchbase-moss golang-github-dnaeon-go-vcr golang-github-dnephin-cobra golang-github-docker-engine-api golang-github-docker-go-connections golang-github-docker-go-metrics golang-github-docker-leadership golang-github-fsouza-go-dockerclient golang-github-getkin-kin-openapi golang-github-ghodss-yaml golang-github-go-chef-chef golang-github-googleapis-gnostic golang-github-grpc-ecosystem-go-grpc-prometheus golang-github-grpc-ecosystem-grpc-gateway golang-github-hashicorp-memberlist golang-github-hashicorp-raft golang-github-hashicorp-raft-boltdb golang-github-hashicorp-scada-client golang-github-hashicorp-serf golang-github-hlandau-dexlogconfig golang-github-juju-utils golang-github-juju-version golang-github-mwitkow-go-conntrack golang-github-natefinch-lumberjack golang-github-opencontainers-image-spec golang-github-prometheus-client-golang golang-github-prometheus-common golang-github-prometheus-tsdb golang-github-samalba-dockerclient golang-github-spf13-cobra golang-github-spf13-viper golang-github-xordataexchange-crypt golang-go.opencensus golang-gopkg-natefinch-lumberjack.v2 google-cloud-print-connector gost gosu hugo influxdb mender-cli notary prometheus prometheus-alertmanager prometheus-apache-exporter prometheus-bind-exporter prometheus-bird-exporter prometheus-blackbox-exporter prometheus-haproxy-exporter prometheus-mailexporter prometheus-mongodb-exporter prometheus-mysqld-exporter prometheus-nginx-exporter prometheus-node-exporter prometheus-postgres-exporter prometheus-process-exporter prometheus-pushgateway prometheus-snmp-exporter prometheus-sql-exporter prometheus-squid-exporter prometheus-varnish-exporter rclone restic runc sia slinkwatch snapd syncthing umoci vuls
