Got it, thanks.

On Wed, Jan 23, 2019 at 6:41 PM Julie Qiu <ju...@golang.org> wrote:
>
> We will not be updating the archives for this release. The reason is because 
> these directories do not affect functionality, and we do not want to risk the 
> availability of the security release, nor we want to change the contents of 
> already published archives.
>
> Julie
>
> On Wed, Jan 23, 2019 at 8:00 PM andrey mirtchovski <mirtchov...@gmail.com> 
> wrote:
>>
>> sorry to be a bother, but are you publishing new archives? will you
>> publish new hashes for the archives with the commands executed thusly?
>>
>> On Wed, Jan 23, 2019 at 5:12 PM Julie Qiu <ju...@golang.org> wrote:
>> >
>> > Hello gophers,
>> >
>> > Due to an issue with the release tooling (https://golang.org/issue/29906), 
>> > go1.11.5.linux-amd64.tar.gz and go1.10.8.linux-amd64.tar.gz include two 
>> > unnecessary directories in the root of the archive: "gocache" and "tmp".
>> >
>> > They are harmless and safe to remove.
>> >
>> > The following commands can be used to extract only the necessary “go” 
>> > directory from the archives:
>> >
>> > tar -C /usr/local -xzf go1.11.5.linux-amd64.tar.gz go
>> > tar -C /usr/local -xzf go1.10.8.linux-amd64.tar.gz go
>> >
>> >
>> > These commands will create a Go tree in /usr/local/go.
>> >
>> > Sorry for the inconvenience,
>> > Julie (on behalf of the Go team)
>> >
>> > On Wed, Jan 23, 2019 at 4:53 PM Julie Qiu <ju...@golang.org> wrote:
>> >>
>> >> Hi gophers,
>> >>
>> >> We have just released Go 1.11.5 and Go 1.10.8 to address a recently 
>> >> reported security issue. We recommend that all users update to one of 
>> >> these releases (if you’re not sure which, choose Go 1.11.5).
>> >>
>> >> This DoS vulnerability in the crypto/elliptic implementations of the 
>> >> P-521 and P-384 elliptic curves may let an attacker craft inputs that 
>> >> consume excessive amounts of CPU.
>> >>
>> >> These inputs might be delivered via TLS handshakes, X.509 certificates, 
>> >> JWT tokens, ECDH shares or ECDSA signatures. In some cases, if an ECDH 
>> >> private key is reused more than once, the attack can also lead to key 
>> >> recovery.
>> >>
>> >> The issue is CVE-2019-6486 and Go issue golang.org/issue/29903. See the 
>> >> Go issue for more details.
>> >>
>> >> Downloads are available at https://golang.org/dl for all supported 
>> >> platforms.
>> >>
>> >> Cheers,
>> >>
>> >> Julie (on behalf of the Go team)
>> >
>> > --
>> > You received this message because you are subscribed to the Google Groups 
>> > "golang-dev" group.
>> > To unsubscribe from this group and stop receiving emails from it, send an 
>> > email to golang-dev+unsubscr...@googlegroups.com.
>> > For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to golang-nuts+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to