Am 08.02.2019 um 17:31 schrieb Chris Lamb: > Hi Tobias, > >> $ grep-dctrl -FBuild-Depends golang-go -w -sPackage >> /var/lib/apt/lists/*Sources > [..] >> >> Please note that there are probably a lot of false positives in this >> list, because not every package uses crypto/elliptic. > > Indeed. So how reliable would it be to look for "crypto/elliptic" > and skip those? I fear that might accidentally exclude packages due > to transitive imports / Build-Depends or similar? > > Or: should I just save effort and upload the lot?
Hi Chris,
I've just recently joined the go compiler team, so I'm not an expert --
but from my understanding, there should be no transitive imports in this
specific case.
If I understand you correctly, you mean that package "A" does not use
crypto/elliptic itself, but Build-Depends on package "B", which *does*
use crypto/elliptic, right?
The golang compiler itself is affected, so any package ("A" in the
example) which Build-Depends on a -dev package which uses
crypto/elliptic ("B" in the example) should also have a Build-Depends on
golang-go. Therefore, I think it would be save to skip all packages
which only produce a -dev package.
With that in mind, the list gets much shorter. Is there an easy way to
find out if a source package produces only the -dev binary package? One
hint at finding the right packages would be that the -dev packages are
arch:all, while other binary packages are arch:any.
Does this help and/or makes sense? :-)
>> Please note that I was not able to get build-rdeps to run in a
>> jessie chroot
>
> (Ah, not just me then; I needed to hack the "sid|unstable" bit in
> the code but didn't want to yak-shave that at the time!)
:-) Nice to know, I was at a loss in that chroot, only wondering how the
hell you got that command to run ...
Regards,
Tobias
signature.asc
Description: OpenPGP digital signature
