Re: security updates of Golang packages

2022-04-25 Thread Shengjing Zhu
Hi, On Tue, Apr 26, 2022 at 6:30 AM Thorsten Alteholz wrote: > On Mon, 25 Apr 2022, Shengjing Zhu wrote: > >> If you look at package crowdsec, you find no dependency on > >> golang-github-tidwall-gjson in its Built-Using:, but only an entry for > >> golang-github-appleboy-gin-jwt. > >> > >> golan

Re: security updates of Golang packages

2022-04-25 Thread Thorsten Alteholz
On Mon, 25 Apr 2022, Shengjing Zhu wrote: If you look at package crowdsec, you find no dependency on golang-github-tidwall-gjson in its Built-Using:, but only an entry for golang-github-appleboy-gin-jwt. golang-github-appleboy-gin-jwt for its part depends on golang-github-tidwall-gjson-dev.

Re: security updates of Golang packages

2022-04-24 Thread Shengjing Zhu
On Mon, Apr 25, 2022 at 6:30 AM Thorsten Alteholz wrote: > > > > On Mon, 25 Apr 2022, Shengjing Zhu wrote: > > For binNMU, it's also possible to add Dep-Wait. > > Hmm, but that would be some manual work, wouldn't it? > > > I don't have a preference for it. And I think binNMU is not friendly > >

Re: security updates of Golang packages

2022-04-24 Thread Thorsten Alteholz
On Mon, 25 Apr 2022, Shengjing Zhu wrote: For binNMU, it's also possible to add Dep-Wait. Hmm, but that would be some manual work, wouldn't it? I don't have a preference for it. And I think binNMU is not friendly to Debian derivatives. Ok, that is a good point. For ratt and other pac

Re: security updates of Golang packages

2022-04-24 Thread Shengjing Zhu
On Mon, Apr 25, 2022 at 1:30 AM Thorsten Alteholz wrote: > > Hi, > > On 24.04.22 15:21, Shengjing Zhu wrote: > >> Do you want to > >> > >> 1. Rebuild package to carry fixed CVE in dependencies > >> 2. Fix CVE in library and then go through 1 > > I first fix the CVE in the affected package and than

Re: security updates of Golang packages

2022-04-24 Thread Thorsten Alteholz
Hi, On 24.04.22 15:21, Shengjing Zhu wrote: Do you want to 1. Rebuild package to carry fixed CVE in dependencies 2. Fix CVE in library and then go through 1 I first fix the CVE in the affected package and then look at the list of packages that use it directly or via some kind of dependency c

Re: security updates of Golang packages

2022-04-24 Thread Shengjing Zhu
Hi, On Sun, Apr 24, 2022 at 8:12 PM Shengjing Zhu wrote: > > Hi, > > On Sun, Apr 24, 2022 at 7:30 PM Thorsten Alteholz wrote: > > > > Hi everybody, > > > > some time ago, before the release of Buster, the Release Team and the > > Security Team criticized the missing tooling for security updates o

Re: security updates of Golang packages

2022-04-24 Thread Shengjing Zhu
Hi, On Sun, Apr 24, 2022 at 7:30 PM Thorsten Alteholz wrote: > > Hi everybody, > > some time ago, before the release of Buster, the Release Team and the > Security Team criticized the missing tooling for security updates of Golang > packages[1]. > I would like to improve the situation here and try

Re: security updates of Golang packages

2022-04-24 Thread Cyril Brulebois
Hello Thorsten, Thorsten Alteholz (2022-04-24): > some time ago, before the release of Buster, the Release Team and the > Security Team criticized the missing tooling for security updates of > Golang packages[1]. > > I would like to improve the situation here and try to develop some > scripts to